Abstract. A univariate polynomial $f$ over a field is decomposable if it is
the composition $f = g \circ h$ of two polynomials $g$ and $h$ whose degree is at
least 2. We determine an approximation to the number of decomposables
over a finite field. The tame case, where the field characteristic $p$ does not
divide the degree $n$ of $f$, is reasonably well understood, and we obtain
exponentially decreasing relative error bounds. The wild case, where $p$
divides $n$, is more challenging and our error bounds are weaker.

1. Introduction

It is intuitively clear that the decomposable polynomials form a small minority 
among all polynomials (univariate over a field). The goal in this work is to give
a quantitative version of this intuition. 

Our question has two facets: in the geometric view, we want to determine 
the dimension of the algebraic set of decomposable polynomials, say over an 
algebraically closed field. The combinatorial task is to approximate the number 
of decomposables over a finite field, together with a good relative error bound. 

The first task is easy. For the second task, one readily obtains an upper bound. The challenge then is to find an essentially matching lower bound. Von zur Gathen (1990a,b) introduced the notion of tame for the case where the field characteristic does not divide the degree of the left component, and wild for the complementary case. (Schinzel (2000), § 1.5, uses tame in a different sense.)
Kozen & Landau (1986); see also von zur Gathen, Kozen & Landau (1987); Kozen & Landau (1989); Kozen, Landau & Zippel (1996); Gutierrez & Sevilla (2006), and the survey articles of von zur Gathen (2002) and Gutierrez & Kozen (2003) with further references. This leads to good estimates of the number of decomposable polynomials, provided that we can also apply a central tool in this area, namely Ritt's Second Theorem. This provision is satisfied if the square of the smallest prime divisor $\ell$ of the degree $n$ does not divide $n$.

In the wild case, the methods from the literature do not yield a satisfactory lower bound. We present in Section 3 a decomposition "algorithm" which fails on some inputs but works on sufficiently many ones. The algorithm is a centerpiece of this paper and yields lower bounds on the number of decomposable polynomials in the wild case.

An important tool for estimating the number of "collisions", where different pairs of components yield the same composition, is Ritt's Second Theorem. Ritt worked with $F = \mathbb{C}$ and used analytic methods. Subsequently, his approach was replaced by algebraic methods, in the work of Levi (1942) and Dorey & Whaples (1974), and Schinzel (1982) presented an elementary but long and involved argument. Thus Ritt's Second Theorem was also shown to hold in positive characteristic $p$. The original versions of this required $p > \deg(g \circ h)$. Zannier (1993) reduced this to the milder and more natural requirement $g'(g^*)' \neq 0$. His proof works over an algebraically closed field, and Schinzel's (2000) monograph adapts it to finite fields. In Section 4 we provide a precise quantitative version of this Theorem, by determining exactly the number of such collisions in the tame case, assuming that $p \nmid n$. This is based on a unique normal form for the polynomials occurring in the Theorem. Furthermore, we give (less precise) substitutes in those cases where the Theorem is not applicable.

A uniqueness property in Ritt's Second Theorem is not obvious, and indeed Beardon & Ng (2000) are puzzled by its absence. On their page 128, they write, translated to the present notation, "Now these rules are a little less transparent, and a little less independent, than may appear at first sight. First, we note that [the First Case], which is stated in its conventional form, is rather loosely defined, for the $k$ and $w$ are not uniquely determined by the form $x^k w(x^e)$; for instance, if $w(0) = 0$, we can equally well write this expression in the form x k+ w(x ), where w = w/x. Next, $T_2(x, 1) = x^2 - 2$ differs by a linear component from $x^2$, so that in some circumstances it is possible to apply [the Second Case] to $T_2(x, 1)$, then [a linear composition], and then (on what is essentially the same factor) [the Second Case]. These observations perhaps show why it is difficult to use Ritt's result." These well-motivated concerns are settled by the result of the present paper.

Section 5 presents the resulting estimates in the tame case. Section 6 puts together all our bounds in the general case, resulting in a veritable jungle of case distinctions. It is not clear whether this is the nature of the problem or an artifact of our approach. The following is proved at the very end of the paper and provides a precis of our results, by necessity less precise than the individual bounds, in particular when $q < 4$ or $n$ is (close to) $\ell^2$. The basic statement is that $\alpha_n$ is an approximation to the number of decomposable polynomials of degree $n$, with relative error bounds of varying quality.

Main Theorem. Let $\mathbb{F}_q$ be a finite field with $q$ elements and characteristic $p$,
let $\ell$ be the smallest prime divisor of the composite integer $n > 2$, $D_n$ the set
of decomposable polynomials in $\mathbb{F}_q[x]$ of degree $n$, and



a, 



'2^+^(1 _ g -i) if n -L 



q 2e (l — q 



if n 



Then the following hold. 

(i) $q^{2\sqrt{n}}/2 \le \alpha_n < 2q^{n/2+2}$.

(ii) $\alpha_n/2 \le \#D_n \le \alpha_n(1 + q^{-n/3\ell^2}) < 2\alpha_n < 4q^{n/2+2}$.

(iii) If $n \neq p^2$ and $q > 5$, then $\#D_n \ge (3 - 2q^{-1})\alpha_n/4 \ge q^{2\sqrt{n}}/2$.

(iv) Unless $p = \ell$ and $p$ divides $n$ exactly twice, we have $\#D_n \ge \alpha_n(1 - 2q^{-1})$.

(v) If $p \nmid n$, then $|\#D_n - \alpha_n| \le \alpha_n \cdot q^{-n/3\ell^2}$.



The upper and lower bounds in (ii) and (v) differ by a factor of $1 + \varepsilon$, with $\varepsilon$ exponentially decreasing in the input size $n \log q$, in the tame case and for growing $n/3\ell^2$. When the field characteristic is the smallest prime divisor of $n$ and divides $n$ exactly twice, then we have a factor of about 2, provided that the condition in (iii) is satisfied. In all other cases, the factor is $1 + O(q^{-1})$ over $\mathbb{F}_q$. It remains a challenge whether these gaps can be reduced.



Giesbrecht (1988) was the first to consider our counting problem. He showed that the decomposable polynomials form an exponentially small fraction of all univariate polynomials. My interest, dating back to the supervision of this thesis, was rekindled by a study of similar (but multivariate) counting problems (von zur Gathen 2008b) and during a visit to Pierre Debes' group at Lille, where I received a preliminary version of Bodin, Debes & Najib (2009). Multivariate decomposable polynomials are counted in von zur Gathen (2008a).

We use the methods from von zur Gathen (2008b), where the corresponding counting task was solved for reducible, squareful, relatively irreducible, and singular bivariate polynomials. Von zur Gathen, Viola & Ziegler (2009) extend those results to multivariate polynomials. Recently, Zieve & Müller (2008) found interesting characterizations of complete decompositions, where all components are indecomposable.



2. Decompositions 

A nonzero polynomial $f \in F[x]$ over a field $F$ is monic if its leading coefficient
$\mathrm{lc}(f)$ equals 1. We call $f$ original if its graph contains the origin, that is,
$f(0) = 0$.

Definition 2.1. For $g, h \in F[x]$,

$f = g \circ h = g(h) \in F[x]$

is their composition. If $\deg g, \deg h \ge 2$, then $(g, h)$ is a decomposition of $f$. A
polynomial $f \in F[x]$ is decomposable if there exist such $g$ and $h$, otherwise $f$ is
indecomposable. The decomposition $(g, h)$ is normal if $h$ is monic and original.



Remark 2.2. Multiplication by a unit or addition of a constant does not
change decomposability, since

$f = g \circ h \iff af + b = (ag + b) \circ h$

for all $f, g, h$ as above and $a, b \in F$ with $a \neq 0$. In other words, the set of
decomposable polynomials is invariant under this action of $F^\times \times F$ on $F[x]$.

Furthermore, any decomposition $(g, h)$ can be normalized by this action, by
taking $a = \mathrm{lc}(h)^{-1} \in F^\times$, $b = -a \cdot h(0) \in F$, $g^* = g((x - b)a^{-1}) \in F[x]$, and
$h^* = ah + b$. Then $g \circ h = g^* \circ h^*$ and $(g^*, h^*)$ is normal.

We fix some notation for the remainder of this paper. For $n \ge 0$, we write

$P_n = \{f \in F[x] : \deg f \le n\}$

for the vector space of polynomials of degree at most $n$, of dimension $n + 1$.
Furthermore, we consider the subsets

$P_n^{=} = \{f \in P_n : \deg f = n\}$,

$P_n^0 = \{f \in P_n^{=} : f \text{ monic and original}\}$.

Over an infinite field, the first of these is the Zariski-open subset $P_n \setminus P_{n-1}$
of $P_n$, and thus irreducible, taking $P_{-1} = \{0\}$. The second one is obtained by
further imposing one equation and working modulo multiplication by units, so
that

$\dim P_n^{=} = n + 1$,
$\dim P_n^0 = n - 1$,

with $P_0^0 = \emptyset$. For any divisor $e$ of $n$, we have the normal composition map

$\gamma_{n,e}\colon P_e^{=} \times P_{n/e}^0 \to P_n^{=}$,

corresponding to Definition 2.1, and set

(2.3) $D_{n,e} = \operatorname{im} \gamma_{n,e}$.

The set $D_n$ of all decomposable polynomials in $P_n^{=}$ satisfies

(2.4) $D_n = \bigcup_{e \mid n,\ 1 < e < n} D_{n,e}$.

In particular, $D_n = \emptyset$ if $n$ is prime. We also let $I_n = P_n^{=} \setminus D_n$ be the set of
indecomposable polynomials. Over a finite field $\mathbb{F}_q$ with $q$ elements, we have

$\#P_n^{=} = q^{n+1}(1 - q^{-1})$,
$\#P_n^0 = q^{n-1}$,
$\#D_{n,e} \le q^{e+n/e}(1 - q^{-1})$.

Remark 2.5. By Remark 2.2, over an algebraically closed field, the codimension
of $D_n$ in $P_n$ equals that of $D_n \cap P_n^0$ in $P_n^0$. The same holds for $I_n$, and
over a finite field for the corresponding fractions:

$\frac{\#D_n}{\#P_n^{=}} = \frac{\#(D_n \cap P_n^0)}{\#P_n^0}$.

Example 2.6. We look at normal decompositions $(g, h)$ of univariate quartic
polynomials $f$, so that $n = 4$. By Remark 2.2 we may assume $f \in P_4^0$, and
then also $g$ is monic with constant coefficient 0. Thus the general case is

$(x^2 + ax) \circ (x^2 + bx) = x^4 + ux^3 + vx^2 + wx \in F[x]$,

with $a, b, u, v, w \in F$. We find that with $a = 2w/u$ and $b = u/2$ (assuming
$2u \neq 0$), the cubic and linear coefficients match, and the whole decomposition
does if and only if

$u^3 - 4uv + 8w = 0$.

This is a defining equation for the hypersurface of decomposable polynomials
in $P_4^0$ (if $\operatorname{char} F \neq 2$). Translating back to $P_4^{=}$, we have

$\dim D_4 = 4 < 5 = \dim P_4^{=}$.

This example is also in Barton & Zippel (1985, 1976).







3. Equal-degree collisions 

A decomposition $(g, h)$ of $f = g \circ h$ over a field of characteristic $p$ is called
tame if $p \nmid \deg g$, and wild otherwise, in analogy with ramification indices. The
polynomial $f$ itself is tame if $p \nmid \deg f$, and wild otherwise. The tame case is
well understood, both theoretically and algorithmically. The wild case is more
difficult and less well understood; there are polynomials with superpolynomially
many "inequivalent" decompositions (Giesbrecht 1988).
For $u, v \in F[x]$ and $j \in \mathbb{N}$, we write

$u = v + O(x^j)$

if $\deg(u - v) \le j$. We start with two facts from the literature concerning the
injectivity of the composition map. When $p \mid n$, a polynomial $f = x^n + f_i x^i + O(x^{i-1})$
with $f_i \neq 0$ is called simple if $p \nmid i$ or $i < n - p$.

Fact 3.1. Let $F$ be a field of characteristic $p$, and $e$ a divisor of $n > 2$.
(i) If $p$ does not divide $e$, then $\gamma_{n,e}$ is injective, and



e+n/ e (| 



Q 



(ii) If $p$ divides $n$ exactly $d$ times and $f \in F[x]$ is simple, then $f$ has at most
$s < 2p^d \le 2n$ normal decompositions, where $s = (p^{d+1} - 1)/(p - 1) = 1 + p + \cdots + p^d$.

Proof. The uniqueness in (i) is well-known, see e.g. von zur Gathen (1990a)
and the references therein. (ii) follows from von zur Gathen (1990b), where the
above notion of a simple polynomial is defined, and (the proof of) Corollary
3.6 of that paper shows that there are at most $s$ such decompositions of $f$. □

The paper cited for (ii) also gives an algorithm to decide decomposability and,
in that case, to compute all such decompositions. This only applies to "simple"
polynomials, and no nontrivial general upper bound on the number of
decompositions seems to be known.

Algorithm 3.14 below uses a similar approach. On the one hand, it applies
to more restricted inputs. On the other hand, it is faster (roughly, $n^2$ vs. $n^4$),
more transparent and hence easier to analyze, and yields a lower bound on the
number of decomposables at fixed component degrees.

In Section 5 we find an upper bound $\alpha_n$ on $\#D_n$, up to some small relative
error. When the exact size of the error term is not a concern, then this is quite
easy. Furthermore, Fact 3.1 immediately yields a lower bound of $\alpha_n/2$ if $p$ is
not the smallest prime divisor $\ell$ of $n$, and of about $\alpha_n/4n$ in general, since
"most" polynomials are simple.

Our goal in this paper is to improve these estimates. For this purpose, we
have to address the uniqueness (or lack thereof) of normal compositions

(3.2) $g \circ h = g^* \circ h^*$

in two situations. We call $\{(g, h), (g^*, h^*)\}$ satisfying (3.2) with $h \neq h^*$ an
equal-degree collision if $\deg g = \deg g^*$ (and hence $\deg h = \deg h^*$), and a
distinct-degree collision if $\deg g = \deg h^* \neq \deg h$ (and hence $\deg h = \deg g^*$). The
present section deals with equal-degree collisions, and Section 4 with
distinct-degree collisions.

By Fact 3.1(i) there are no equal-degree collisions when $p \nmid \deg g$. In the
more interesting case $p \mid \deg g$, collisions are well-known to exist; Example 3.46
exhibits all collisions over $\mathbb{F}_3$ at degree 9. Our goal, then, is to show that there
are few of them, so that the decomposable polynomials are still numerous.
Algorithm 3.14 provides a constructive proof of this. For many, but not all,
$(g, h)$ it reconstructs $(g, h)$ from $g \circ h$. To quantify the benefit provided by the
algorithm, we rely on a result by Antonia Bluher (2004).

Distinct-degree collisions are classically taken care of by Ritt's Second Theorem.
Some versions put a restriction on $p$ that would make our task difficult,
but Umberto Zannier (1993) has cut this restriction down to the bare minimum.
The additional common restriction that $\gcd(\deg g, \deg h) = 1$ has essentially
been removed by Tortrat (1988), but only if $p$ does not divide the degree. If,
in addition, the composition is wild, then a look at derivatives provides a
reasonable bound. It is useful to single out a special case of wild compositions.



Definition 3.3. We call Frobenius composition any f G since then 

f = x p o h* for some h* G P^/ p , and any decomposition (g,h) of f = g o h is a 
Frobenius decomposition. A Frobenius collision is the following example of a 



collision (3.2). For any integer $j$, we denote by $\varphi_j\colon F \to F$ the $j$th power of
the Frobenius automorphism over a field $F$ of characteristic $p$, with $\varphi_j(a) = a^{p^j}$
for all $a \in F$, and extend it to an $\mathbb{F}_p$-linear isomorphism $\varphi_j\colon F[x] \to F[x]$ with
$\varphi_j(x) = x$. Then if $h \in F[x]$, we have

(3.4) $x^{p^j} \circ h = \varphi_j(h) \circ x^{p^j}$.

Thus any Frobenius composition except $x^{p^2}$ is the result of a collision. Over
$F = \mathbb{F}_q$, there are $q^{p^j-1} - 1$ many $h \in P_{p^j}^0$ with $h \neq x^{p^j}$, and for $m \neq p^j$, this
produces $q^{m-1}$ collisions with $h \in P_m^0$. By composing with a linear function,
we obtain $q^{p^j+1}(1 - q^{-1})(1 - q^{-p^j+1})$ and $q^{m+1}(1 - q^{-1})$ Frobenius collisions for
$m = p^j$ and $m \neq p^j$, respectively. This example is noted in Schinzel (1982),
Section 1.5, page 39.
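
The hypersurface of Example 2.6 and the Frobenius collision (3.4) can both be checked by exhaustive enumeration over small prime fields. The Python code below is an added illustration, not part of the paper; its function names are chosen here, it handles only prime fields $\mathbb{F}_p$, and polynomials are stored as coefficient lists, lowest degree first.

```python
from itertools import product

def poly_add(a, b, p):
    """Add two polynomials over F_p (coefficient lists, lowest degree first)."""
    n = max(len(a), len(b))
    a = a + [0] * (n - len(a))
    b = b + [0] * (n - len(b))
    return [(x + y) % p for x, y in zip(a, b)]

def poly_mul(a, b, p):
    """Multiply two polynomials over F_p."""
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] = (out[i + j] + x * y) % p
    return out

def compose(g, h, p):
    """Return g o h over F_p by Horner's rule in h, trailing zeros removed."""
    result = [0]
    for coeff in reversed(g):
        result = poly_add(poly_mul(result, h, p), [coeff], p)
    while len(result) > 1 and result[-1] == 0:
        result.pop()
    return result

def quartic_decompositions(p):
    """Map each monic original quartic x^4 + u x^3 + v x^2 + w x, keyed by
    (u, v, w), to its normal decompositions (x^2 + a x) o (x^2 + b x)."""
    table = {}
    for a, b in product(range(p), repeat=2):
        f = compose([0, a, 1], [0, b, 1], p)
        table.setdefault((f[3], f[2], f[1]), []).append((a, b))
    return table

def hypersurface(p):
    """All (u, v, w) in F_p^3 with u^3 - 4uv + 8w = 0 (Example 2.6)."""
    return {(u, v, w) for u, v, w in product(range(p), repeat=3)
            if (u**3 - 4 * u * v + 8 * w) % p == 0}

def count_decomposable_quartics(p):
    """#D_4 inside P_4^=: by Remark 2.2 every monic original decomposable
    quartic stands for p (p - 1) polynomials a f + b with a != 0."""
    return p * (p - 1) * len(quartic_decompositions(p))

if __name__ == "__main__":
    # Tame case: odd characteristic, p does not divide deg g = 2.
    for p in (3, 5, 7):
        table = quartic_decompositions(p)
        print(p, set(table) == hypersurface(p), len(table),
              count_decomposable_quartics(p))
    # Wild case p = 2: x^2 o (x^2 + x) = (x^2 + x) o x^2 is a Frobenius collision.
    print(quartic_decompositions(2))
```

For $p = 3, 5, 7$ every point of the hypersurface has exactly one normal decomposition, in line with Fact 3.1(i), while over $\mathbb{F}_2$ the polynomial $x^4 + x^2$ has the two normal decompositions $(x^2, x^2 + x)$ and $(x^2 + x, x^2)$.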

The Frobenius compositions from Definition 3.3 are easily described and
counted. It is useful to separate them from the others. If p \ n and £ is a 
proper divisor of n, we set 

D* = D n nF{x p ], 
(3.5) Dt = D n x Dl 

so that D% comprises exact ly the Frobenius compositions of degree n. 

Von zur Gathen presents an algorithm for certain "wild" decompositions
$f = g \circ h$ with

$\deg f = n = k \cdot m = \deg g \cdot \deg h$

and $p \mid k$. It first makes coefficient comparisons to compute $h$, and then a Taylor
expansion to find $g$. We now take a simplified version of that method. It does
not work for all inputs, but for sufficiently many for our counting purpose. In
general, decomposing a polynomial can be done by solving the corresponding
system of equations in the coefficients of the unknown components, say, using
Gröbner bases.
To fix some notation, we have integers
(3.6) $d \ge 1$, $r = p^d$, $k = ar$, $m \ge 2$, $n = km$, $\kappa$ with $0 \le \kappa < k$ and $p \nmid a\kappa$,
and polynomials



i<?<, 

(3.7) ^= S ^ 



Ki<K 



Ki<m 



f = goh = h k + 9ih\ 



l<i<K 



with $h_m = 1$, $h_{m-1} \neq 0$, and either $g_\kappa \neq 0$ or $g = x^k$; the latter case corresponds
to $\kappa = 0$. The idea is to compute $h_i$ for $i = m-1, m-2, \ldots, 1$ by comparing the
known coefficients of $f$ to the unknown ones of $h^k$ and $g_\kappa h^\kappa$. Special situations
arise when the latter two polynomials both contribute to a coefficient. We
denote by

i<b<m 

the top part of $h$, so that $h^{(m-1)} = 0$. Furthermore, we write $\operatorname{coeff}(v, j)$ for the
coefficient of $x^j$ in a polynomial $v$, and

$c_{i,j}(v) = \operatorname{coeff}(v \circ (h - h^{(i)}), j)$.

Thus $c_{m-1,j}(x^k) = \operatorname{coeff}(h^k, j)$, and in particular, we have $c_{m-1,j}(g) = f_j$ for
all $j$. To illustrate the usage of these $c_{i,j}$, we consider $E_1$ below. At some
point in the algorithm, we have determined $g_\kappa, h_m, \ldots, h_{i+1}$. The appropriate
$c_{i,j}$ exhibits $h_i$ in a simple fashion, meaning that we can compute it from $f_j$ and
$h^{(i)}$. Lastly we define the rational number

(3.8) $i_0 = m\left(\frac{\kappa - a}{r - 1} - a + 1\right) = \frac{\kappa m - n}{r - 1} + m$;

thus $i_0 < m$, and $i_0$ is an integer if and only if

$r - 1 \mid (\kappa - a)m$.
Lemma 3.9. For $1 \le i \le m$ and $0 \le j \le n$, we have the following.

$E_1$: If $i < m$, then

(3.10) $c_{i,(\kappa-1)m+i}(g_\kappa x^\kappa) = \kappa g_\kappa h_i$

and $c_{m-1,\kappa m}(g_\kappa x^\kappa) = g_\kappa$.

$E_2$: If $i < m$, then

(3.11) $c_{i,n-r(m-i)}(x^k) = a h_i^r$.

If $r \nmid j$, then $\operatorname{coeff}(h^k, j) = 0$.

$E_3$: If $i_0 \in \mathbb{N}$, then

(3.12) $c_{i_0,(\kappa-1)m+i_0}(x^k + g_\kappa x^\kappa) = a h_{i_0}^r + \kappa g_\kappa h_{i_0}$.

$E_4$: If $m = r$ and $\kappa = k - 1$, then

$c_{m-1,\kappa m}(x^k + g_\kappa x^\kappa) = a h_{m-1}^r + g_\kappa$,

$c_{m-1,\kappa m-1}(x^k + g_\kappa x^\kappa) = -g_\kappa h_{m-1}$.

Proof. For $E_1$, we have to consider

$g_\kappa (x^m + h_i x^i + O(x^{i-1}))^\kappa = g_\kappa x^{\kappa m} + \kappa g_\kappa h_i x^{(\kappa-1)m+i} + O(x^{(\kappa-1)m+i-1})$,

furthermore

$c_{i,(\kappa-1)m+i}(g_\kappa x^\kappa) = \kappa g_\kappa h_i$,

$c_{m-1,\kappa m}(g_\kappa x^\kappa) = \operatorname{coeff}(g_\kappa h^\kappa, \kappa m) = g_\kappa$,

and $E_1$ follows. For $E_2$, we have

$h^a = x^{am} + a h_{m-1} x^{am-1} + O(x^{am-2})$.

When $i < m$, then in the coefficient of $x^{(a-1)m+i}$, we have the contribution $a h_i$,
which comes from taking in the expansion of $h^a$ the factor $x^m$ exactly $a - 1$
times and the factor $h_i x^i$ exactly once; there are $a$ ways to make these choices.
The largest degree to which a summand $h_j x^j$ contributes in $h^a$ is $(a-1)m + j$,
so that those with $j < i$ do not appear in the coefficient under consideration,
and $c_{i,(a-1)m+i}(x^a) = a h_i$. Raising $h^a$ to the $r$th power yields

$c_{i,((a-1)m+i)r}(x^k) = c_{i,((a-1)m+i)r}((x^a)^r) = a h_i^r$

and proves $E_2$, since $((a-1)m+i)r = n - r(m-i)$.
For $E_3$, we have

$(\kappa-1)m + i_0 = n - r(m - i_0)$,

$c_{i_0,(\kappa-1)m+i_0}(x^k + g_\kappa x^\kappa) = c_{i_0,n-r(m-i_0)}(x^k) + c_{i_0,(\kappa-1)m+i_0}(g_\kappa x^\kappa)$.

For $E_4$, we have $\kappa m = n - m$ and from $E_1$ and $E_2$

$c_{m-1,\kappa m-1}(x^k + g_\kappa x^\kappa) = \operatorname{coeff}(h^k, \kappa m - 1) + c_{m-1,\kappa m-1}(g_\kappa x^\kappa)$

$= 0 + \kappa g_\kappa h_{m-1} = -g_\kappa h_{m-1}$. □

In the following algorithm, the instruction "determine $h_i$ (or $g_\kappa$) by $E_\mu$ (at $x^j$)",
for $1 \le \mu \le 4$, means that the property $E_\mu$ involves some quantity $c_{i,j}(\cdot)$
which is a summand in $\operatorname{coeff}(g \circ h, j) = f_j$; the other summands are already
known, and we can solve for $h_i$ (or $g_\kappa$). When we use $E_2$, we first compute
$y = h_i^r$ and then $h_i$ by extracting the $r$th root of $y$. Over a finite field, this
always yields a unique answer, since $r$ is a power of $p$. But in general, $y$ might
not have an $r$th root. We say "compute $h_i^r$ by $E_2$, then $h_i$ if possible" to mean
that first $y$ is determined, then $h_i$ as its $r$th root; if $y$ does not have an $r$th
root, then the empty set is returned.

The main effort in the correctness proof is to show that all data required are
available at that point in the algorithm, and that the equation can indeed be
solved. The algorithm's basic structure is driven by the relationship between
the degrees $\kappa m$ of $g_\kappa h^\kappa$ and $n - r$ of $h^k - x^n$.

Algorithm 3.14. Wild decomposition.

Input: $f \in F[x]$ monic and original of degree $n = km$, where $F$ is a field of
characteristic $p \ge 2$, $d \ge 1$, $r = p^d$, and $k = ar$ with $p \nmid a$.
Output: Either a set of at most $r + 1$ pairs $(g, h)$ with $g, h \in F[x]$ monic and
original of degrees $k$ and $m$, respectively, and $f = g \circ h$, or "failure".

1. Let $j$ be the largest integer for which $f_j \neq 0$ and $p \nmid j$. If no such $j$
exists then if $d \ge 2$ call Algorithm 3.14 recursively and else call a tame
decomposition algorithm, in either case with input $f^* = f^{1/p}$ and $k^* = k/p$.
If a set of $(g^*, h^*)$ is output by the call, then return the set of all Frobenius
compositions $(x^p \circ g^*, h^*)$.

2. If $p \nmid m$ then if $m \nmid j$ then return "failure" else set $\kappa = j/m$. If $p \mid m$ then if
$m \nmid j + 1$ then return "failure" else set $\kappa = (j + 1)/m$. If $p \mid \kappa$, then return
"failure". Calculate $i_0 = (\kappa m - n)/(r - 1) + m$.

3. If $\kappa m \ge n - r + 2$ then do the following.

a. Set $g_\kappa = f_{\kappa m}$.

b. Determine $h_i$ for $i = m - 1, \ldots, 1$ by $E_1$.

4. If $\kappa m = n - r + 1$ then do the following.

a. Set $g_\kappa = f_{\kappa m}$.

b. Determine $h_{m-1}$ by $E_3$. If (3.12) does not have a unique solution, then
return "failure".

c. Determine $h_i$ for $i = m - 2, \ldots, 1$ by $E_1$.

5. If $\kappa m = n - r$ then do the following.

a. Determine $h_{m-1}$ by $E_4$, in the following way. Compute the set $S$ of
all nonzero $s \in \mathbb{F}_q$ with

(3.15) $a s^{r+1} - f_{\kappa m} s - f_{\kappa m-1} = 0$.

If $S = \emptyset$ then return the empty set, else do steps 5.b and 5.c for all
$s \in S$, setting $h_{m-1} = s$.

b. Determine $g_\kappa$ by $E_1$ and $E_2$ at $x^{\kappa m}$, from $f_{\kappa m} = a h_{m-1}^r + g_\kappa$.

c. For $i = m - 2, \ldots, 1$ determine $h_i$ by $E_1$.

6. If $\kappa m < n - r$ then do the following.

a. Determine $h_{m-1}^r$ by $E_2$, then $h_{m-1}$ if possible.

b. If $r \nmid m$ then determine $g_\kappa$ by $E_1$ at $x^{\kappa m}$ (as $g_\kappa = f_{\kappa m}$), else by $E_1$ at
$x^{\kappa m-1}$ (via $\kappa g_\kappa h_{m-1} = f_{\kappa m-1}$).

c. Determine $h_i^r$ by $E_2$, then $h_i$ if possible, for decreasing $i$ with
$m - 2 \ge i > i_0$.

d. If $i_0$ is a positive integer, then determine $h_{i_0}$ by $E_3$. If $E_3$ does not
yield a unique solution, then return "failure".

e. Determine $h_i$ for decreasing $i$ with $i_0 > i \ge 1$ by $E_1$.

7. [We now know $h$.] Compute the remaining coefficients $g_1, \ldots, g_{\kappa-1}$ as the
"Taylor coefficients" of $f$ in base $h$.

8. Return the set of all $(g, h)$ for which $g \circ h = f$. If there are none, then
return the empty set.



The Taylor expansion method determines for given $f$ and $h$ the unique $g$
(if one exists) so that $f = g \circ h$; see von zur Gathen (1990a).
We first illustrate the algorithm in some examples.

Example 3.16. We let $p = 5$, $n = 50$, and $k = r = 5$, so that $a = d = 1$ and
$m = 10$, and start with $\kappa = 4 = r - 1$. We assume $f_{39} = 4 g_4 h_9 \neq 0$. Then

^ + ^ = x 50 + h 5 x 45 + ^5 + ^40 + 4^/^39 + + ^38 

+x 36 ■ 0(x) + (h\ + g 4 (4:h 5 + h 9 h 6 + h 8 h 7 + h\h 7 + h 9 h 2 s + h 3 g h 8 ))x 35 + 0(x 3A ). 

Step 1 determines $j = 39$, and step 2 finds $\kappa = (39 + 1)/10$ and $i_0 = 15/2 \notin \mathbb{N}$.
Since $\kappa m = 40 < 45 = n - r$, we go to step 6. Step 6.a computes $h_9$ at
$x^{45}$, step 6.b yields $g_4$ at $x^{39}$, step 6.c determines $h_8$ at $x^{40}$ by $E_2$, step 6.d is
skipped, and then step 6.e yields $h_7, \ldots, h_1$ at $x^{37}, \ldots, x^{31}$, respectively, all using
$E_1$. Step 7 determines $g_1, g_2, g_3$, and step 8 checks whether indeed $f = g \circ h$,
and if so, returns $(g, h)$.

With the same values, except that $\kappa = 3$, we have

$h^5 + g_3 h^3 = x^{50} + h_9^5 x^{45} + h_8^5 x^{40} + h_7^5 x^{35}$
$\quad + (h_6^5 + g_3) x^{30} + 3 g_3 h_9 x^{29} + g_3 (3 h_9^2 + 3 h_8) x^{28} + x^{26} \cdot O(x)$
$\quad + (h_5^5 + g_3 (3 h_5 + 3 h_9 h_6 + 3 h_8 h_7 + 3 h_9^2 h_7 + 3 h_9 h_8^2)) x^{25} + O(x^{24})$.

Assuming that $f_{29} = 3 g_3 h_9 \neq 0$, the algorithm computes $j = 29$, $\kappa = (29 + 1)/10$,
$i_0 = 5 \in \mathbb{N}$, goes to step 6, determines $h_9$ at $x^{45}$, $g_3$ at $x^{29}$, $h_8$, $h_7$,
$h_6$ according to $E_2$, then $h_5$ at $x^{25}$ via the known value for $h_5^5 + 3 g_3 h_5$ in step 6.d
with $E_3$. Condition (3.18) below requires that $(-3 g_3)^{(q-1)/4} \neq 1$ and guarantees
that $h_5$ is uniquely determined, as shown in the proof of Theorem 3.17 below.
Finally $h_4, \ldots, h_1$ and $g_1, g_2$ are computed.

As a last example, we take $p = 5$, $n = 25$, $k = r = m = 5$ and $\kappa = 4$, so
that $a = 1$ and

$h^5 + g_4 h^4 = x^{25} + (h_4^5 + g_4) x^{20} + 4 g_4 h_4 x^{19} + O(x^{18})$.

Again we assume $f_{19} = 4 g_4 h_4 \neq 0$. Then steps 1 and 2 determine $j = 19$,
$\kappa = 4$, and $i_0 = 15/4 \notin \mathbb{N}$. We have $\kappa m = 20 = n - r$, so that we go to step 5.
In step 5.a we have to solve (3.15). The number of solutions is discussed
starting with Fact 3.25 below. We consider two special cases, namely $q = 5$
and $q = 125$. For $q = 5$, we have 25 pairs $(v, w) = (f_{20}, f_{19}) \in \mathbb{F}_5^2$ to consider,
with $w \neq 0$. When $v \neq 0$, then the number of solutions is

2 if $wv^{-2} \in \{2, 0\}$,
1 if $wv^{-2} = 1$,
0 otherwise,

and when $v = 0$:

2 for the squares $w = 1, 4$,
0 otherwise.

Over $\mathbb{F}_{125}$, we have the following numbers of nonzero solutions $s$ when $v \neq 0$:

6 for $1 \cdot 124$ values $(v, w)$,
2 for $47 \cdot 124$ values $(v, w)$,
1 for $25 \cdot 124$ values $(v, w)$,
0 for $52 \cdot 124$ values $(v, w)$,

and when $v = 0$:

2 for 62 values of $w$, namely the squares,
0 for 62 values of $w$.

These numbers are explained below. We run the remaining steps in parallel for 
each value h A = s with s G S. This yields in step Ifllbl h 3 , h 2 , hi in step l3fcl 
and g u g 2 , g 3 in step [3 

We denote by $M(n)$ a multiplication time, so that polynomials of degree
at most $n$ can be multiplied with $M(n)$ operations in $F$. Then $M(n)$ is in
$O(n \log n \log\log n)$; see von zur Gathen & Gerhard (2003), Chapter 8, and Fürer
(2007) for an improvement.

For an input $f$, we set $\sigma(f) = \#S$ if the precondition of step 5 is satisfied
and $S$ computed there, and otherwise $\sigma(f) = 1$.

Theorem 3.17. Let $f$ be an input polynomial with parameters $n$, $p$, $q = p^e$,
$d$, $r$, $a$, $k$, $m$ as specified, $g$, $h$, $\kappa$, $i_0$ as in (3.7) and (3.8), so that $f = g \circ h$, set
$c = \gcd(d, e)$ and suppose further that

(3.18) if $i_0 \in \mathbb{N}$ and $1 \le i_0 < m$, then $(-\kappa g_\kappa / a)^{(q-1)/(p^c-1)} \neq 1$.

On input $f$, Algorithm 3.14 returns either "failure" or a set of at most $\sigma(f)$ normal
decompositions $(g^*, h^*)$ of $f$, and $(g, h)$ is one of them. Except if returned
in step 1, none of them is a Frobenius decomposition. If $F = \mathbb{F}_q$ is finite, then
the algorithm uses

$O(M(n) \log k \, (m + \log(kq)))$

or $O^\sim(n(m + \log q))$ operations in $\mathbb{F}_q$.

Proof. Since $r = p^d \mid k$, we have $\operatorname{coeff}(h^k, j) = 0$ unless $r \mid j$. Furthermore
$g_\kappa h^\kappa = g_\kappa x^{\kappa m} + \kappa g_\kappa h_{m-1} x^{\kappa m-1} + O(x^{\kappa m-2})$ and $\kappa g_\kappa h_{m-1} \neq 0$, so that $j$ from
step 1 equals $\kappa m$ (if $p \nmid m$) or $\kappa m - 1$ (if $p \mid m$). Thus $\kappa$ is correctly determined
in step 2. In particular, $f$ is not a Frobenius composition.

We denote by $G$ the set of $(g, h)$ allowed in the theorem. We claim that the
equations used in the algorithm involve only coefficients of $f$ and previously
computed values, and usually have a unique solution. It follows that most
$f \in \gamma_{n,k}(G)$ are correctly and uniquely decomposed by the algorithm. The
only exception to the uniqueness occurs in (3.15).



In the remaining steps, we use various coefficients $f_j$ for $j = (\kappa-1)m + i$
with $1 \le i < m$ or $j = n - r(m - i)$ with $i_0 < i < m$. The value $i_0$ is defined
so that $n - r(m - i_0) = (\kappa-1)m + i_0$, and thus

(3.19) $n - r(m - i) > (\kappa-1)m + i$ if and only if $i > i_0$,

since the first linear function in $i$ has the slope $r > 1$, greater than for the second
one. Since $i \ge 1$, it follows that $j > (\kappa-1)m$ for all $j$ under consideration. For
the low-degree part of $g$ we have

$\deg((g - (x^k + g_\kappa x^\kappa)) \circ h) \le (\kappa-1)m < j$,

so that

$f_j = \operatorname{coeff}(g \circ h, j) = \operatorname{coeff}((x^k + g_\kappa x^\kappa) \circ h, j) = \operatorname{coeff}(h^k + g_\kappa h^\kappa, j)$

for all $j$ in the algorithm.

We have to see that the application of $E_3$ in steps 4.b (where $i_0 = m - 1$)
and 6.d (where $m - 2 \ge i_0 \ge 1$) always has a unique solution. The right hand
side of (3.12), say $a s^r + \kappa g_\kappa s$, is an $\mathbb{F}_p$-linear function of $s$. The equation has
a unique solution if and only if its kernel is $\{0\}$. (Segre (1964), Teil 1, 3,
and Wan (1990) provide an explicit solution in this case.) But when $s \in \mathbb{F}_q$ is
nonzero with $a s^r + \kappa g_\kappa s = 0$, then $-\kappa g_\kappa / a = s^{r-1}$. Writing $z = p^c$, so that
$z - 1 = \gcd(q - 1, r - 1)$, we have

$(-\kappa g_\kappa / a)^{(q-1)/(z-1)} = (s^{(r-1)/(z-1)})^{q-1} = 1$,

contradicting the condition (3.18).



For the correctness it is sufficient to show that all required quantities are
known, in particular $c_{i,j}(g_\kappa x^\kappa)$ in $E_1$ and $c_{i,j}(x^k)$ in $E_2$, and that the equations
determine the coefficient to be computed. We have

(3.20) $\deg(h^k - x^n) = \deg((h^a - x^{am})^r) \le (am - 1)r = n - r$,



16 Joachim von zur Gathen 



so that $g_\kappa = f_{\kappa m}$ in steps 3.a and 4.a.

The precondition of step 3 implies that for all $i < m$ we have

(k — l)m > n — r — m + 2 > n — mr + (r — l)(m — 1) > n — rm + (r — 

$n - r(m - i) < (\kappa-1)m + i$.
Thus from $E_1$ we have with $j = (\kappa-1)m + i$



/( K _i) m+ i = coeff(/i fc , j) + coeff(g K h K ,j] 
= coeff((h^) k ,j) + Kg K h t 



with $\kappa g_\kappa \neq 0$, so that $h_i$ can be computed in step 3.b.

The precondition in step 4 implies that $i_0 = m - 1$, and hence $(r - 1) \mid (a - \kappa)m$.
$E_3$ says that $f_{\kappa m-1} = c_{m-1,\kappa m-1}(x^k + g_\kappa x^\kappa) = a h_{m-1}^r + \kappa g_\kappa h_{m-1}$. We
have seen above that under our assumptions the equation $f_{\kappa m-1} = a s^r + \kappa g_\kappa s$
has exactly one solution $s$. By an argument as for step 3.b, also step 4.c works
correctly.

The only usage of $E_4$ occurs in step 5.a, where $\kappa = (n - r)/m = k - r/m$.
Since $p \nmid \kappa$, $r$ is a power of $p$, and $p \mid k$, this implies that $r = m$ and $\kappa = k - 1$.
We have from $E_4$

$f_{\kappa m} = a h_{m-1}^r + g_\kappa$,

$f_{\kappa m-1} = -g_\kappa h_{m-1} = -(f_{\kappa m} - a h_{m-1}^r) h_{m-1} = a h_{m-1}^{r+1} - f_{\kappa m} h_{m-1}$.

Thus $h_{m-1} \in S$ as computed in step 5.a and $g_\kappa$ is correctly determined in step
5.b. The precondition of step 5 implies that $i_0 = m - 1 - 1/(r - 1)$, which is an
integer only for $r = 2$. In that case, $i_0 = m - 2 = 0$ and no further $h_i$ is needed.
Otherwise, $m - 2 < i_0 < m - 1$ and step 5.c works correctly since $i < i_0$.

The precondition of step 6 implies that $i_0 < m - 1$. If $r \nmid m$, then
$\operatorname{coeff}(h^k, \kappa m) = 0$ by $E_2$, and otherwise $\operatorname{coeff}(h^k, \kappa m - 1) = 0$. Thus $g_\kappa$ is
correctly computed in step 6.b. Correctness of the remaining steps follows as
above.

For the cost of the algorithm over $F = \mathbb{F}_q$, two contributions are from
calculating $(h^{(j)})^\kappa$ for some $j < m$ and the various $r$th roots. The first comes to
$O(m \cdot \log \kappa \cdot M(n))$ and the second one to $O(m \cdot \log_p q)$ operations in $\mathbb{F}_q$. $E_3$
and $E_4$ are applied at most once. We then have to find all roots of a univariate
polynomial of degree at most $r + 1$. This can be done with $O(M(r) \log r \log rq)$
operations (see von zur Gathen & Gerhard (2003), Corollary 14.16). The Taylor
coefficients in step 7 can be calculated with $O(M(n) \log k)$ operations (see
von zur Gathen & Gerhard (2003), Theorem 9.15). All other costs are dominated
by these contributions, and we find the total cost as

$O(M(n) \log k \cdot (m + \log(kq)))$.

□



A more direct way to compute $h$ (say, in step 3) is to consider its reversal as
the $\kappa$th root of the reversal of $(f - h^k)/g_\kappa$, feeding the contribution of $h^k$ into
the Newton iteration as in von zur Gathen (1990a). I have not analyzed this
procedure.

Our next task is to determine the number $A$ of decomposable $f$ obtained
as $g \circ h$ in Theorem 3.17. Since (3.15) is an equation of degree $r + 1$, it has
at most $r + 1$ solutions, and $\sigma(f) \le r + 1$. $A$ is at least the number of $(g, h)$
permitted by Theorem 3.17, divided by $r + 1$. The following considerations
lead to a much better lower bound on $A$.



In the following we write, as usual, $p = \operatorname{char} \mathbb{F}_q$, and also

$$q = p^e, \quad r = p^d, \quad c = \gcd(d,e), \quad z = p^c, \tag{3.21}$$

so that $\mathbb{F}_q \cap \mathbb{F}_r = \mathbb{F}_z$ (assuming an embedding of $\mathbb{F}_q$ and $\mathbb{F}_r$ in a common superfield) and $\gcd(q - 1, r - 1) = z - 1$ (see Lemma 3.29). We have to understand the number of solutions $s$ of (3.15), in other words, the size of

$$S(v,w) = \{s \in \mathbb{F}_q^\times : s^{r+1} - vs - w = 0\}$$

for $v = f_{\kappa m}/a$, $w = f_{\kappa m-1}/a \in \mathbb{F}_q$. (3.15) is only used in step [5], where $m = r$, as noted above. We have $\kappa = (j + 1)/m$ in step [2] and hence $f_{\kappa m-1} \neq 0$ and

Furthermore, we define for $u \in \mathbb{F}_q$,

$$T(u) = \{t \in \mathbb{F}_q^\times : t^{r+1} - ut + u = 0\}. \tag{3.22}$$



In (3.15), we have $w \neq 0$, but $v$ might be zero. In order to apply a result from the literature, we first assume that also $v$ is nonzero, make the invertible substitution $s = -v^{-1}wt$, and set $u = v^{r+1}(-w)^{-r} = -v^{r+1}w^{-r} \in \mathbb{F}_q$. Then

$$s^{r+1} - vs - w = (-v^{-1}w)^{r+1}\,(t^{r+1} - ut + u) \quad\text{and}\quad \#S(v,w) = \#T(u). \tag{3.23}$$



This reduces the study of $S(v, w)$, with two parameters, to the one-parameter problem $T(u)$. The polynomial $t^{r+1} - ut + u$ has appeared in other contexts such as the inverse Galois problem, difference sets, and Muller-Cohen-Matthews polynomials. Bluher (2004) has determined the combinatorial properties that we need here; see her paper also for further references. Bluher allows an infinite ground field $F$, but we only use her results for $F = \mathbb{F}_q$.

For $i \geq 0$, let

$$C_i = \{u \in \mathbb{F}_q^\times : \#T(u) = i\}, \qquad c_i = \#C_i. \tag{3.24}$$

Then $c_i = 0$ for $i > r + 1$. Bluher (2004) completely determines these $c_i$, as follows.



Fact 3.25. With the notations (3.21 ) and (3.24), let I = {0, 1, 2, z + 1}. Then 



(3.26) 

where 
(3.27) 

and furthermore 
(3.28) 



ci = - - 7, 

z 

Ci = unless iG/, 



9 



7 



1 if g is even and e/c is odd 
otherwise, 



5> = 2 + E 



Proof. The claims are shown in Bluher (2004), Theorem 5.6. Her statement assumes $tu \neq 0$, which is equivalent to our assumption $t \neq 0$. (3.28) corresponds to the fact that the numbers $c_i$ form the preimage statistic of the map from $\mathbb{F}_q \setminus \{0, 1\}$ to $\mathbb{F}_q \setminus \{0\}$ given by the rational function $x^{r+1}/(x - 1)$. □

(3.26) and (3.28) also determine the remaining two values $c_0$ and $c_2$, namely $c_2 = \frac{1}{2}(q - 2 - c_1 - (z + 1)c_{z+1})$ and $c_0 = 1 + c_2 + zc_{z+1}$. For large $z$, we have

z + 1 N q ,„ 1 N g 

2' 



c 2 



2 V 







^ 3 — 2' 



2^ 



1 



Thus x r+1 /(x — 1) behaves a bit like squaring: about half the elements have 
two preimages, and about half have none. 

For the case $v = 0$, we have the following facts, which are presumably well-known. For an integer $m$, we let the integer $\nu(m)$ be the multiplicity of 2 in $m$, so that $m = 2^{\nu(m)} m^*$ with an odd integer $m^*$.

Lemma 3.29. Let $\mathbb{F}_q$ have characteristic $p$ with $q = p^e$, $r = p^d$ with $d \geq 1$, $b = \gcd(q - 1, r + 1)$ and $w \in \mathbb{F}_q^\times$. Then the following hold.

(i) 

[b ifw {q ~ 1)/b = 1 
I otherwise. 

(ii) We let c = gcd(d, e), z = p c , 5 = v(d), e = v[e), a = u(r 2 — 1), (3 = 



A 



2 if 5 < e 
1 if 5 > e 



{1 if a > P, 
if a < p. 

Then gcd(r — l,q — 1) — z — 1 and 



b = 



(z x - 1) • 2" 
2- 1 



f2(* + i; 

2+1 

2 
1 



if 8 < e and a > (3, 
if S < e and a < /3, 
if S > e and a > (3, 
if 5 > e and a < [3. 



(iii) If $p$ is odd, then $\alpha > \beta$ if and only if $e/c$ is odd.

Proof. (i) The power function $y \mapsto y^{r+1}$ from $\mathbb{F}_q^\times$ to $\mathbb{F}_q^\times$ maps $b$ elements to one, and its image consists of the $u \in \mathbb{F}_q$ with $u^{(q-1)/b} = 1$.



(3.30) 



(ii) For the first claim that 

gcd(g 



1, r 



we may assume, by symmetry, that d > e and let d = ie + j be the division 
with remainder of d by e, with < j < e. Then for 



xHx d i 



1) 



or 



x e - 1 



x e - 1 



G Z[x] 



we have 



x d - 1 



fa; 6 - 1) + (x J - 1) 
By induction along the Extended Euclidean Algorithm for $(d, e)$ it follows that all quotients in the Euclidean Algorithm for $(x^d - 1, x^e - 1)$ in $\mathbb{Q}[x]$ are, in fact, in $\mathbb{Z}[x]$, hence also the Bezout coefficients, and that all remainders are of the form $x^y - 1$, where $y$ is some remainder for $d$ and $e$. For $c = \gcd(d, e)$, there exist $u, v, s, t \in \mathbb{Z}[x]$ so that

$$u \cdot (x^c - 1) = x^d - 1,$$
$$v \cdot (x^c - 1) = x^e - 1,$$
$$s \cdot (x^d - 1) + t \cdot (x^e - 1) = x^c - 1.$$

Substituting any integer $q$ for $x$ into these equations shows the claim (3.30). We note that $\gcd(2d, e) = \lambda c$ and

$$\gcd(p^d - 1, p^d + 1) = \begin{cases} 2 & \text{if } p \text{ is odd},\\ 1 & \text{if } p \text{ is even}. \end{cases}$$

When $p$ is even, then applying (3.30) to $q = p^e$ and $r^2 = p^{2d}$, we find

$$p^{\lambda c} - 1 = \gcd((p^d - 1)(p^d + 1), p^e - 1) = \gcd(p^d - 1, p^e - 1) \cdot \gcd(p^d + 1, p^e - 1) = (p^c - 1) \cdot b,$$

$$b = \begin{cases} z + 1 & \text{if } \delta < \varepsilon,\\ 1 & \text{if } \delta \geq \varepsilon. \end{cases}$$

For odd $p$, the second equation above is still almost correct, except possibly for factors which are powers of 2. We note that exactly one of $\nu(p^d - 1)$ and $\nu(p^d + 1)$ equals 1, and

p Ac -l = gcd((/-l)(/ + l),p e -l) 

= gcd(p d - l,p e - 1) • gcd(p d + l,p e - 1) ■ 2^ 
= (p c - 1) • 6 ■ 2^, 
_ (p Ac - 1) • 2^ 
p c - 1 



(iii) We define the integers /c g and k r by 
1 W c - 1 



Q 



z 

,.2 



2-1 

(r + l)(z d / c - 1) 
7^1 



z elc ' x + ••• + ! 



(r + l)^- 1 + ■■■ + !) = (r + l)Av 
Now $r + 1$ is even and $z$ is odd. If $e/c$ is odd, then $k_q$ is odd and hence
$\alpha > \beta$. Now assume that $e/c$ is even. Then $d/c$ is odd, and so is $k_r$. Hence
v{r — 1) = v{z — 1), and we denote this integer by 7. If 7 > 2, then u(r + l) = 1 
and a = u(r + 1) + 7 < + 7 = /3. 

Now suppose that 7 = 1, and let r = v{z + 1) and m = (z + 1) ■ 2~ T . Then 
r > 2, m is an odd integer, and 

z 2 = (m2 T - l) 2 = -2 • 2 r + 1 = 2 T+1 + 1 mod 2 T+2 , 
r 2 = (z 2 ) d l c = (2 T+1 + l) d / c = 2 T+1 + 1 mod 2 T+2 , 
q = (z 2 ) e ' 2c = (2 r+1 + l) £ / 2c mod 2 r+2 . 

The last value equals 2 r+1 + 1 or 1 modulo 2 T+2 if e/2c is odd or even, respec- 
tively. In either case, it follows that a = v{r 2 — 1) = r + 1 < u(q — \)=(3. □ 



Theorem 3.31. Let $\mathbb{F}_q$ have characteristic $p$ with $q = p^e$, and take integers $d \geq 1$, $r = p^d$, $k = ar$ with $p \nmid a$, $m \geq 2$, $n = km$, $c = \gcd(d, e)$, $z = p^c$, $\mu = \gcd(r - 1, m)$, $r^* = (r - 1)/\mu$, and let $G$ consist of the $(g, h)$ as in Theorem 3.17. Then we have the following lower bounds on the cardinality of $\gamma_{n,k}(G)$.

(i) If $r \neq m$ and $\mu = 1$:



qk+ m-2 {l _ + -^2 (1 £ ) _ 

1 — q~ p 



(ii) Ifr^m: 



k+m—2 1 



q • 2 {^-q-\i + q- p+2 \_ q 4 m-q- k ) 
-- fc -r>-c/ e+2 (i-g- 1 ) 2 (i-g- r ' ( ^ 1) ) (1 - r * b - 2))) 

5 (l-q-^)(l-q-n { +q )] - 



(Hi) Ifr — m: 



k+m-2 {1 _ -1 )( 1 1+9^ 9^ _ -fc 1 9' P+1 _ f P+lLX!' 

H v y A 2 2,2 + 2 2 H 1-q-P H l-q-P- 



Proof. We have seen at the beginning of the proof of Theorem 3.17 that steps [1] and [2] determine $j$ and $\kappa$. We also know that, given $g_\kappa$ and $h_{m-1}$, the remaining coefficients of $g$ and $h$ are uniquely determined by those of $f$.

We count the number of compositions $g \circ h$ according to the four mutually exclusive conditions in steps [3] through [6] for a fixed $\kappa$. The admissible $\kappa$ are those with $1 \leq \kappa < k$ and $p \nmid \kappa$. $E_3$ or $E_4$ are used if and only if either $i_0 \in \mathbb{N}$ or $\kappa m = n - r$, respectively. If neither happens, then the number of $(g, h)$ is

$$q^{\kappa}(1 - q^{-1}) \cdot q^{m-1}(1 - q^{-1}) = q^{\kappa+m-1}(1 - q^{-1})^2. \tag{3.32}$$

E 3 is used if and only if k G K, where 

K = {k G N: 1 < K < k,p\ k, i G N, 1 < i < m}, 

which corresponds to steps 003 (where io = m— 1) and !6ldl (where io G N and 1 < 
i < m-2). For k G K, we have the condition [(318)] that {—K,g K /a)^~ 1 ^^ z ~ v > ^ 



1. The exponent is a divisor of q — 1, and there are exactly (g — l)/(z — 1) 

lals 

hi -t 1 ) 2 - 



values of g K that violate (3.18) Thus for k G K the number of (5, h) equals 

1 



(3.33) (q-1 



q-l 



1 



q*- 1 ■ q m -\l - q- 1 ) 



q K+m -\l 



The only usage of $E_4$ occurs in step 5.a, where $\kappa = (n - r)/m = k - r/m$. We have seen in the proof of Theorem 3.17 that this implies $r = m$ and $\kappa = k - 1$. We split $G$ according to whether $\kappa = k - 1$ or $\kappa < k - 1$, setting

$$G^* = \{(g,h) \in G : \kappa = k - 1 \text{ in (3.7)}\}.$$

We define three summands $S_{12}$, $S_3$, and $S_4$ according to whether only $E_1$ and $E_2$, or also $E_3$, or $E_4$ are used, respectively:



S 



12 



i<K<fc 



S 3 = 5>" 

k+m-2/ 



l-,-') 2 (l-— )), 



//»— l/'j ^ L\2 qK+m— 1| 

5 4 = g' c+m ^(l-g- 1 ) 2 -# 7?1 , fc (G*). 

We will see below that $K = \emptyset$ if $r = m$. Thus

$$\#\gamma_{n,k}(G) \geq \begin{cases} S_{12} & \text{if } r \neq m \text{ and } K = \emptyset,\\ S_{12} - S_3 & \text{if } r \neq m,\\ S_{12} - S_4 & \text{if } r = m. \end{cases}$$

The subtraction of $S_3$ corresponds to replacing the summand (3.32) by (3.33) for $\kappa \in K$. Similarly, $S_4$ replaces (3.32) for $\kappa = k - 1$ by the correct value if $E_4$ is applied.

Since $p \mid k$, the first sum equals

s 12 = q m - i (i- q - i n Yl v K - E ^ 

l<K<k l<n<k 

p\k 

= <r-\i - q-'n^ - 1 - {qP) T : 1 + 1) 

q — 1 q p — 1 

= q k+m -\l-q- 1 )(l-q- k ) 1 ~fj_ + p 1 

= q k+m ~\l - q-\l + q- ^'^J m ~ q~ k ). 

1 — q p 



For 5*3, we describe K more transparently. From |(3.8)| we find 
(3.34) 



Km — n 

1 < iq = h m < m — 1 

r — 1 



r — 1 r — 1 
k - (r - 1) H < k< k . 



(3.35) 



io G Z -<=r- (r — 1) I (/? — a)m. 



We have /i = gcd(r — l,m) and r* = (r — 1)//U, and set m* = m//i, so that 
gcd(r*, m*) = 1 and 



(3.34) fc — (r — 1) + — <K<k 

1 m * m * 



(3.35) 



r* I (ft — a)m* r* | (k — a). 



Since r* | A; — a = a(r — 1), we have 



(3.36) (3.35) -<=>- 3j G Z k = fc - (r - 1) + jr\ 



(3.37) (3.34) 



1 r - 1 1 
— < ? < <^> 1 < 7 < a - 1. 



mr 



Since fj, \ (r — 1) and r = p d , we have p \ \i. Thus 

(3.38) p I K 1 - L = 1 + ^ r ~ 1) = - (r - 1) + jr* = k = mod p 
j = /i mod p 3z G Z j = fi — ip, 

ji — 1 

>l<j = u — ip<u— 1 -<=>- 1 < i < I J . 

p 



(3.34) 
Abbreviating $\mu^* = \lfloor (\mu - 1)/p \rfloor$, it follows that

$$K = \{k - (r - 1) + jr^* : 1 \leq j \leq \mu - 1\} \setminus \{k - ipr^* : 1 \leq i \leq \mu^*\}.$$

In particular, we have $K = \emptyset$ if $\mu = 1$. Assuming $\mu \geq 2$ and using $z = p^c = q^{c/e}$, we can evaluate $S_3$ as follows.

-,K+m— 1 



5, 



9 



E 

„m— 1 



1\2 



Z-l 



1\2 



(1 — 9 ) 



z- 1 



z-l 



E?" 

K6X 



-1\2 



"(9 



fe— (r— l)+r 



. {q r *y- 1 - 1 



k—pr' 



(q- pr *Y 



9 



/■■ + ,„-.-,--c/ e (l-g" 1 ) 2 (l-g" r ' (/i " 1) ) 

(i-r c/e )(i-<r'") 

(1 - q~ r *)(l - q-P T *^) 



-r*(p-l). 



< 



(1-9 

fc+m— 1— r*— c/ 



(1 - - g-P^*)' 

, , -■ e ( l-g- 1 ) 2 (l-g- r '°'- 1) ) 

(l-9" c/e )(l-9- r *) 



In order to evaluate $S_4$, we first recall from the above that we have $\kappa m = n - r$, $\kappa = k - 1$, $m = r$, and any $(g, h) \in G^*$ is uniquely determined by $f = g \circ h$, $g_{k-1}$, and $h_{m-1}$. To any $(g, h) \in G^*$, we associate the field elements

$$\begin{aligned} V(g,h) &= h_{m-1}^r + g_{k-1}/a,\\ W(g,h) &= -g_{k-1}h_{m-1}/a,\\ U(g,h) &= -V(g,h)^{r+1}\, W(g,h)^{-r}. \end{aligned} \tag{3.39}$$

Then if $f = g \circ h$, we have $aV(g, h) = f_{n-r}$, $aW(g, h) = f_{n-r-1} \neq 0$, and for nonzero $s \in \mathbb{F}_q$ and $t = -V(g, h) \cdot W(g, h)^{-1} s$, (3.23) says that

$$\text{(3.15) holds} \iff s \in S(V(g,h), W(g,h)) \iff t \in T(U(g,h)).$$

We recall the sets $C_i$ from (3.24) and for $i \in \{1, 2, z + 1\}$, we set

$$G_i = \{(g,h) \in G : V(g,h) \neq 0,\ U(g,h) \in C_i\},$$
$$G_0 = \{(g,h) \in G : V(g,h) = 0\}.$$

Now let $v \in \mathbb{F}_q^\times$, $i \in \{1, 2, z + 1\}$, $u \in C_i$, and $g_{k-2}, \ldots, g_1, h_{m-2}, \ldots, h_1 \in \mathbb{F}_q$. From these data, we construct $(g, h) \in G_i$ with $g = \sum_{1 \leq i \leq k} g_i x^i$ and $h = \sum_{1 \leq i \leq m} h_i x^i$ and $g_k = h_m = 1$, so that only $g_{k-1}$ and $h_{m-1}$ still need to be determined. Furthermore, if $f = g \circ h$, we show that different data lead to different $f$. This will prove that

$$\#\gamma_{n,k}(G_i) \geq (q - 1)\, c_i \cdot q^{k+m-4}. \tag{3.40}$$



By assumption, we have and #T(u) = z > 1. We choose some t G T(u) 
and define w, s G F* by 



-f ~ 1 wt. 



Then $s \in S(v, w)$ by (3.23). We set $h_{m-1} = s$ and $g_{k-1} = av - as^r$. Now $g$ and $h$ are determined, and $E_1$ and $E_2$ imply that

$$\begin{aligned} f_{n-r} &= a h_{m-1}^r + g_\kappa = aV(g,h) = av,\\ f_{n-r-1} &= -g_\kappa h_{m-1} = aW(g,h) = -a(v - s^r)s = a(s^{r+1} - vs) = aw,\\ U(g,h) &= -v^{r+1}w^{-r} = -v^{r+1}(-v^{r+1}u^{-1})^{-1} = u. \end{aligned}$$

Suppose that $(u, v)$ and $(\tilde u, \tilde v)$ lead to $(f_{n-r}, f_{n-r-1}) = (av, aw)$ and $(\tilde f_{n-r}, \tilde f_{n-r-1}) = (a\tilde v, a\tilde w)$, and that the latter pairs are equal. Then $v = \tilde v$ and $u = -v^{r+1}w^{-r} = -\tilde v^{r+1}\tilde w^{-r} = \tilde u$. This concludes the proof of (3.40).

A similar argument works for $G_0$. We let $b = \gcd(q - 1, r + 1)$, take $w \in \mathbb{F}_q$ with $w^{(q-1)/b} = 1$, and some $s \in \mathbb{F}_q$ with $s^{r+1} = w$. There are $(q - 1)/b$ such $w$, and according to Lemma 3.29(i) $b$ such values $s$ for each $w$. We set $h_{m-1} = s$ and $g_{k-1} = -ah_{m-1}^r$ and, as above, complete them with arbitrary coefficients to $(g, h) \in G_0$. When $f = g \circ h$, then $f_{n-r} = 0$ and $f_{n-r-1} = -g_{k-1}h_{m-1} = ah_{m-1}^{r+1} = aw = aW(g, h)$, and different $w$ lead to different $f$. It follows that

$$\#\gamma_{n,k}(G_0) \geq \frac{q-1}{b}\, q^{k+m-4}. \tag{3.41}$$



The images of G\, G2, G z+ \, and Go under 7^ are pairwise disjoint, since 
the map V x W x U : U i=0 x 2 z +i ^ — ► ^ is injective, and its value together 
with the lower coefficients of g and h determines /, again injectively. It follows 
that 



(3.42) J2 #7«,*(G,)> £ {q-l)c l -q k+m - A + q —±- q 



fc+m— 4 



i=0,l,2,«+l 



i=l,2,«+l 



(g-l)g fc+m - 4 ( £ 
We write $q = p^e$ and set



IFact 3.251 yields 



C z+ 1 



z if e/c is odd, 
z 2 if e/c is even. 



q - z* 



z 3 — z 



z A — z 



2 a = 2ci + (g - 2 - ci - (z + l)c 2+1 ) + 2c, +1 



1=1,2.2+1 



9 _ 2 + £_ 7 _ (z _ 1) Ll£. 

g-2+--7- , 

2 2T + Z 



#7n, fc (G*) > g fc+m " 3 (1 - q- l ){-{q -2 + ^-7 

2 2 



2T + 2 



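We call the last factor $B$. If $e/c$ is odd, then, in the notation of Lemma 3.29, $\delta = \nu(d) \geq \nu(e) = \varepsilon$, so that $b \in \{1, 2\}$, and

$$b = \begin{cases} 2 & \text{if } p \text{ is odd},\\ 1 & \text{if } p = 2. \end{cases}$$

If $p$ is odd, then $\gamma = 0$ and $2/b - \gamma = 1$. If $p = 2$, then $\gamma = 1$ and again $2/b - \gamma = 2 - 1 = 1$. It follows that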

O (7 — 2 2 . 1 z.. 

2B = q-2+ q -- \— + - - 7 = ?1 + — 1 - -))• 

2: 2 Z + 2: 2! + 1 q 



If e/c is even, then 7 = 0, b = z + 1 and 

- 2 2 



2fi=g-2+^ 



2; z 2 + z z + 1 
It follows that in all cases 

-1 



9(1 + -tt( 1 -:))- 



2+1 



1 1 

- 1 - fe+m-2/- 1 - ! 



rtjnAG*) > ^ +m -\l ~ q- L )(l + — y(l ~ ~)), 



Si<q 



k+m -\l ~ Q- 1 )^ ~ q- 1 ~ i(l + " Z -))) 



^(i-r^-^-^Ci-f)). 
Together we have found the following lower bounds on $\#\gamma_{n,k}(G)$. If $r \neq m$ and $\mu = 1$, then

#7n, fc (G) > S 12 = q k+m ~ 2 (l - q-\\ + q- ^'jqj )^ 1 ~ «"*)• 
If r ^ m, then 

#7n, fc (G) > S 12 - 5 3 > g fc+m - 2 (l - q-\l + q-* 2 { \~_ 9 q *} 2 ~ 1- k ) 

k+m— k— 2r*— c/e 

q (1 ~ q-^)(l ~ I-'') [ q } 

= g fc+ - 2 ((l - q-\l + q- p+2 i \~J q - ] p 2 ~ a-*) 

g (l-g-^Xl-g-*) 1 +g J; ' 

If r = m, then 

#7n ifc (G) > S 12 -S,> q k+m -\l - q- l ){l - q- k ) l ~ q ' V ^ 

1 — q p 

_ ,-.-_!_(!_£)) 
= 9 *~-<i-,-')<I + I±£ + £ 

1 — g P 



Corollary 3.43. With the assumptions and notation of \Theorem 3.31[ the 
set D^ k of non-Frobenius compositions has at least the following size. 



(i) Ifr^m and /i—l: 

k+m {l - q- l ){l - q- k ){l - q-\l + q~^ (1 ~ Q ~J )). 

1 — q p 
(ii) If $r \neq m$:



qk+m{1 _ ^ ((1 _ 1(1 + ^ a (l q X ) 2 ))(1 _ fc) 

1 _ (7 P 



(i_ g - c / e)(1 _ g -^y 



-fc-r*-c/e+2 C[ 1 1 ) 2 (^- ? ? _^ + q~ r *' yP ~ 2 ^)^j 



> q k+m (l - q- 1 ) ((1 - q-\l + q- ^\ q ~ ] ))(1 - 

If furthermore r* > 2 and p > [i, then the latter quantity is at least 

qk+m{1 _ -ij ((1 _ + -^a (W^! ))(i - _ - g -i)2) . 

1 — q P 3 ' 

(Hi) Ifr = m: 

q k+m (l-q ) (- H h- <7 q p+ — ). 

H y H ' v 2 2^ + 2 2 y 1-q-P H l-q~P J 

Proof. All $g$ and $h$ considered in Theorem 3.31 are monic and original, and so are their compositions $f$. We may replace the left hand component $g$ of any $(g, h) \in G$ by $(ax + b) \circ g$, where $a, b \in \mathbb{F}_q$ are arbitrary with $a \neq 0$. Hence

#D*>t?(l-q- 1 ).ihnj.(Cf), 



and the claims follow from ITheorem 3.311 For the first inequality in (ii) , we 
observe that c > 1 and 

(3.44) T ±^ T = < 1. 

' 1 - q~ c / e 1 - p- c ~ 

For the last estimate, we have 

q- r * < 1/4, 

q -r*{p-2) < ? _ r *( M _l^ 
(1 - g- r *^- 1 ))(l + g-^(P- 2 )) < 1(1 - □ 

3 
The algorithm works over any field of characteristic $p$ where each element has a $p$th root; in $\mathbb{F}_q$, this is just the $(q/p)$th power. It even works over an arbitrary extension of $\mathbb{F}_p$, rather than just the separable ones, provided we have a subroutine that tests whether a field element is a $p$th power, and if so, returns a $p$th root. Then where a $p$th root is requested in the algorithm (steps
Algorithm 3.14 step 3pal Algorithm 3.15 step Opal and Algorithm 3.15 step Qfcl) , 



we either return "no decomposition" or the root, depending on the outcome of 
the test. 



EXAMPLE 3.45. When n = p , then we have k = r = m = p in Corollary 3.43 (iii) 



and including the Frobenius compositions (Lemma 4.32(h) ), we obtain 

#D n > V(l - q-'fil + l±£l + q- 1 - 2q-f +1 ) + <f +1 (1 - q' 1 ) 
2 p+l 

In characteristic 2, the estimate is exact, since we have accounted for all 
compositions and a monic original polynomial of degree 2 is determined by its 
linear coefficient. Thus 

#A = a 4 - (| ■ (1 -q- 2 ) + q~ 2 ) = cv 4 • ^f^, 
3 

#£>4 = -at4 over F 2 , 

#£>4 = 77«4 over F 4 . 
Id 

Over an algebraically closed field, a quartic polynomial is decomposable if 
and only if its cubic coefficient vanishes; compare to Example 2.6 For p = 3, 
we find 

#A, > a 9 • (|(1 - q~ 2 ) + g" 3 ) = a 9 • (| - g" 2 ^ - g" 1 )), 
1 6 

#-Dg > 5= ■ "9 > 0.59259 a 9 over F 3 , 
451 

#A> > — • « 9 > 0.61065 a 9 over F 9 . 

ITable 6 .31 shows that these are serious underestimates of the actual ratios 
~ 0.8518 and 0.9542. In the same vein we find, when p = k and n = ap 2 > p 2 
with p \ a, that 

n 1 1 
Example 3.46. In $\mathbb{F}_3[x]$, we have, besides the eight Frobenius collisions according to Definition 3.3, four two-way collisions of degree 9:

$$(x^3 + x) \circ (x^3 - x) = (x^3 - x) \circ (x^3 + x) = x^9 - x,$$
$$(x^3 + x^2) \circ (x^3 - x^2 - x) = (x^3 - x^2 + x) \circ (x^3 + x^2) = x^9 + x^5 - x^4 + x^3 + x^2,$$
$$(x^3 + x^2 + x) \circ (x^3 - x^2) = (x^3 - x^2) \circ (x^3 + x^2 - x) = x^9 + x^5 + x^4 + x^3 - x^2,$$
$$(x^3 + x^2 + x) \circ (x^3 - x^2 + x) = (x^3 - x^2 + x) \circ (x^3 + x^2 + x) = x^9 + x^5 + x.$$

Our general bounds of Theorem 5.2(i), Corollary 3.43, and Example 3.45 say that

$$18 \cdot 16 = 288 < 18 \cdot 17 = 306 < \#D_9 = 414 = 18 \cdot 23 < 486 = 18 \cdot 27 = \alpha_9.$$
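The counts in Example 3.46 can be reproduced by brute force. The following Python sketch is an added illustration, not code from the paper: it composes all 81 pairs of monic original cubics over $\mathbb{F}_3$, groups them by their composition, and scales the number of distinct monic original compositions by $(q-1)q$ for the left factor $ax + b$. Treating a collision as "Frobenius" when one component equals $x^3$ is an assumption made here, since Definition 3.3 is not reproduced in this section.

```python
from collections import defaultdict
from itertools import product

Q = 3              # field size; F_3 is a prime field, so arithmetic is mod 3
X3 = (0, 0, 0, 1)  # x^3, coefficients listed from lowest to highest degree


def poly_mul(a, b):
    """Product of two coefficient lists over F_Q."""
    out = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[i + j] = (out[i + j] + ai * bj) % Q
    return out


def compose(g, h):
    """Return g o h over F_Q as a coefficient tuple, using Horner's rule."""
    acc = [0]
    for coeff in reversed(g):
        acc = poly_mul(acc, h)
        acc[0] = (acc[0] + coeff) % Q
    while len(acc) > 1 and acc[-1] == 0:   # drop zero padding at the top
        acc.pop()
    return tuple(acc)


def monic_original(degree):
    """All monic polynomials of this degree with constant term zero."""
    return [(0,) + mid + (1,) for mid in product(range(Q), repeat=degree - 1)]


def decomposition_table(deg_g=3, deg_h=3):
    """Map each composition f to the list of pairs (g, h) with f = g o h."""
    table = defaultdict(list)
    for g, h in product(monic_original(deg_g), monic_original(deg_h)):
        table[compose(g, h)].append((g, h))
    return table


def classify_collisions(table):
    """Split the f with several decompositions into Frobenius and other.

    Assumption of this sketch: a collision is Frobenius when one of the
    components involved is x^3.
    """
    frobenius, other = [], []
    for f, pairs in table.items():
        if len(pairs) < 2:
            continue
        (frobenius if any(X3 in pair for pair in pairs) else other).append(f)
    return frobenius, other


def count_all_decomposables(table):
    """Undo the normalisation: left composition with ax + b, a nonzero."""
    return len(table) * (Q - 1) * Q


def show(f):
    """Render an original polynomial over F_3 with coefficients -1, 0, 1."""
    parts = []
    for deg in range(len(f) - 1, 0, -1):
        if f[deg]:
            sign = "- " if f[deg] == 2 else "+ "
            parts.append(sign + (f"x^{deg}" if deg > 1 else "x"))
    return " ".join(parts).lstrip("+ ")


if __name__ == "__main__":
    table = decomposition_table()
    frobenius, other = classify_collisions(table)
    print("distinct monic original compositions:", len(table))
    print("decomposables of degree 9 over F_3:", count_all_decomposables(table))
    print("Frobenius collisions:", len(frobenius))
    for f in sorted(other):
        print("two-way collision:", show(f))
```
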



4. Distinct-degree collisions of compositions

In this section, we turn to the last preparatory task. Namely, for a lower bound on $D_n$ we have to understand $D_{n,\ell} \cap D_{n,n/\ell}$, that is, the distinct-degree collisions (3.2) when $\deg g^* = \deg h = \ell$. In our application, $\ell$ is the smallest prime divisor of $n$.

The following is an example of a collision:

$$x^k w^\ell \circ x^\ell = x^{k\ell} w^\ell(x^\ell) = x^\ell \circ x^k w(x^\ell),$$

for any polynomial $w \in F[x,y]$, where $F$ is a field (or even a ring). We define the (bivariate) Dickson polynomials of the first kind $T_m \in F[x, y]$ by $T_0 = 2$, $T_1 = x$, and

$$T_m = xT_{m-1} - yT_{m-2} \quad \text{for } m \geq 2. \tag{4.1}$$



The monograph of Lidl et al. (1993) provides extensive information about these polynomials. We have $T_m(x, 0) = x^m$, and $T_m(x, 1)$ is closely related to the Chebyshev polynomial $C_n = \cos(n \arccos x)$, as $T_n(2x, 1) = 2C_n(x)$. $T_m$ is monic (for $m \geq 1$) of degree $m$, and

$$T_m = \sum_{0 \leq i \leq m/2} \frac{m}{m-i} \binom{m-i}{i} (-y)^i x^{m-2i} \in F[x, y].$$

Furthermore,

$$T_m(x, y^\ell) \circ T_\ell(x, y) = T_{\ell m}(x, y) = T_\ell(x, y^m) \circ T_m(x, y), \tag{4.2}$$

and if $\ell \neq m$, then substituting any $z \in F$ for $y$ yields a collision.
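The recursion (4.1) and the composition identity (4.2) can be checked mechanically. The sketch below is an added example, not part of the paper: it builds the bivariate Dickson polynomials over $\mathbb{F}_p$ from (4.1), verifies (4.2) as an identity in $x$ and $y$, and then specialises $y$ to a constant $z$ to obtain the resulting collision. The prime $p = 7$, the dictionary representation, and all function names are choices made for this illustration.

```python
P = 7  # assumed prime for the illustration; coefficients live in F_P

# A polynomial in x and y is a dict {(i, j): c} meaning c * x^i * y^j.
X = {(1, 0): 1}
Y = {(0, 1): 1}


def normalize(f):
    """Reduce coefficients mod P and drop zero terms."""
    return {mon: c % P for mon, c in f.items() if c % P}


def const(c):
    return normalize({(0, 0): c})


def add(f, g, scale=1):
    """Return f + scale * g."""
    out = dict(f)
    for mon, c in g.items():
        out[mon] = out.get(mon, 0) + scale * c
    return normalize(out)


def mul(f, g):
    out = {}
    for (i1, j1), c1 in f.items():
        for (i2, j2), c2 in g.items():
            key = (i1 + i2, j1 + j2)
            out[key] = out.get(key, 0) + c1 * c2
    return normalize(out)


def power(f, e):
    out = const(1)
    for _ in range(e):
        out = mul(out, f)
    return out


def dickson(m):
    """T_m(x, y) from T_0 = 2, T_1 = x, T_m = x*T_{m-1} - y*T_{m-2}."""
    prev, cur = const(2), X
    if m == 0:
        return prev
    for _ in range(m - 1):
        prev, cur = cur, add(mul(X, cur), mul(Y, prev), scale=-1)
    return cur


def substitute(f, xs, ys):
    """Return f(xs, ys) for polynomials xs and ys."""
    out = {}
    for (i, j), c in f.items():
        out = add(out, mul(mul(power(xs, i), power(ys, j)), const(c)))
    return out


def check_4_2(l, m):
    """Both sides of (4.2) against T_{lm}, as polynomials in x and y."""
    left = substitute(dickson(m), dickson(l), power(Y, l))
    right = substitute(dickson(l), dickson(m), power(Y, m))
    return left == dickson(l * m) and right == dickson(l * m)


def dickson_collision(l, m, z):
    """Specialise y = z: return g o h and g* o h* as polynomials in x."""
    g = substitute(dickson(m), X, const(z ** l))       # T_m(x, z^l)
    h = substitute(dickson(l), X, const(z))            # T_l(x, z)
    g_star = substitute(dickson(l), X, const(z ** m))  # T_l(x, z^m)
    h_star = substitute(dickson(m), X, const(z))       # T_m(x, z)
    return substitute(g, h, const(0)), substitute(g_star, h_star, const(0))


if __name__ == "__main__":
    print("T_3 =", dickson(3))
    print("(4.2) for (l, m) = (2, 3):", check_4_2(2, 3))
    print("(4.2) for (l, m) = (3, 5):", check_4_2(3, 5))
```
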

Ritt's Second Theorem is the central tool for understanding distinct-degree collisions, and the following notions enter the scene. The functional inverse $v^{-1}$ of a linear polynomial $v = ax + b$ with $a, b \in F$ and $a \neq 0$ is defined as $v^{-1} = (x - b)/a$. Then $v^{-1} \circ v = v \circ v^{-1} = x$. Two pairs $(g, h)$ and $(g^*, h^*)$ of polynomials are called equivalent if there exists a linear polynomial $v$ such that

$$g^* = g \circ v, \qquad h^* = v^{-1} \circ h.$$

Then $g \circ h = g^* \circ h^*$, and we write $(g, h) \sim (g^*, h^*)$. The following result says that, under certain conditions, the examples above are essentially the only distinct-degree collisions. It was first proved by Ritt (1922) for $F = \mathbb{C}$. We use the strong version of Zannier (1993), adapted to finite fields. The adaption uses Schinzel (2000), Section 1.4, Lemma 2, and leads to his Theorem 8. Further references can be found in this monograph as well.

Fact 4.3. (Ritt's Second Theorem) Let $\ell$ and $m$ be integers, $F$ a field, and $g, h, g^*, h^* \in F[x]$ with

$$m > \ell \geq 2, \quad \gcd(\ell, m) = 1, \quad \deg g = \deg h^* = m, \quad \deg h = \deg g^* = \ell, \tag{4.4}$$

$$g'(g^*)' \neq 0, \tag{4.5}$$

where $g' = dg/dx$ is the derivative of $g$. Then

$$g \circ h = g^* \circ h^* \tag{4.6}$$

if and only if

$$\exists k \in \mathbb{N},\ v_1, v_2 \in F[x] \text{ linear},\ w \in F[x] \text{ with } k + \ell \deg w = m,\ z \in F^\times,$$

so that either

First Case:
$$(v_1 \circ g, h \circ v_2) \sim (x^k w^\ell, x^\ell), \qquad (v_1 \circ g^*, h^* \circ v_2) \sim (x^\ell, x^k w(x^\ell)),$$

or

Second Case:
$$(v_1 \circ g, h \circ v_2) \sim (T_m(x, z^\ell), T_\ell(x, z)), \qquad (v_1 \circ g^*, h^* \circ v_2) \sim (T_\ell(x, z^m), T_m(x, z)).$$

In principle, one also has to consider the First Case with $(g, h, m)$ and $(g^*, h^*, \ell)$ interchanged; see Zannier (1993), Main Theorem (ii). Then $k + m \deg w = \ell$ and hence $\deg w = 0$. But this situation is covered by the First Case in Fact 4.3 with $k = m$. We note that the conclusion of the First Case is asymmetric in $\ell$ and $m$, but in the Second Case it is symmetric, so that there the assumption $m > \ell$ does not intervene.

According to Remark 2.2, we may assume $h$ and $h^*$ to be monic and original. If one of $g$ or $g^*$ is also monic and original, then so is the other one, and also the composition (4.6). It is convenient to add this condition:

$$f = g \circ h, \text{ and } g, h, g^*, h^* \text{ are monic and original.} \tag{4.7}$$

The transition between the general and this special case is by left composition with a linear polynomial.

The following lemma about Dickson polynomials will be useful for determining the number of collisions exactly. We write $T_n'(x, y) = \partial T_n(x, y)/\partial x$ for the derivative with respect to $x$.



Lemma 4.8. Let $F$ be a field of characteristic $p \geq 0$, $n \geq 1$, and $z \in F^\times$.

(i) If $p = 0$, or $p \geq 3$ and $\gcd(n, p) = 1$, then the derivative $T_n'(x, z)$ is squarefree in $F[x]$.

(ii) If $p = 0$ or $\gcd(n, p) = 1$, and $n$ is odd, then there exists some monic squarefree $u \in F[x]$ of degree $(n - 1)/2$ so that $T_n(x, z^2) = (x - 2z) \cdot u^2 + 2z^n$.

(iii) Let $\gamma = (-y)^{\lfloor n/2 \rfloor}$. $T_n$ is an odd or even polynomial in $x$ if $n$ is odd or even, respectively. It has the form

$$T_n = \begin{cases} x^n - nyx^{n-2} + \cdots + \gamma n x & \text{if } n \text{ is odd},\\ x^n - nyx^{n-2} + \cdots + 2\gamma & \text{if } n \text{ is even}. \end{cases}$$

(iv) If $p \geq 2$, then $T_{p^j} = x^{p^j}$ for $j \geq 0$.

(v) If $p \geq 2$ and $p \mid n$, then $T_n' = 0$.

(vi) For a new indeterminate $t$, we have $t^n T_n(x, y) = T_n(tx, t^2 y)$.

(vii) $T_n(2z, z^2) = 2z^n$.

Proof. (i) Williams (1971) and Corollary 3.14 of Lidl et al. (1993) show



that if F contains a primitive nth root of unity p, then T' n (x,z)/nc factors 

over F completely into a product of quadratic polynomials (x 2 — a k z), where 

1 < k < n/2, the a k = p k + p~ k are Gauft periods derived from p, and the 

a\ are pairwise distinct, with c = 1 if n is odd and c = x otherwise. We 

note that ot k = a n -k- We take an extension E of F that contains a primitive 

nth root of unity and a square root z of z. This is possible since p = 

or gcd(n,p) = 1. Thus x 2 — a\z = (x — a k z )(x + a k z ) : and the ±a k z for 

1 < k < n/2 are pairwise distinct, using that p ^ 2. It follows that T^(x,z) 

is squarefree over E. Since squarefreeness is a rational condition, equivalent to 

the nonvanishing of the discriminant, T' n {x, z) is also squarefree over F. 

For (ii) , we take a Galois extension field E of F that contains a primitive nth 

pk _|_ p-k an( j p k _ pk _ p-k f or a jj fc g^ We have 



root of unity p, and set a k 
Tj2z z 2 ) = 2z n byRvii 
(jl993l ) states that 



proven below, and Theorem 3.12(i) of ILidl fc Mullen 



2z r 



2z 



n 1 

l<fc<n/2 



2„2> 



2afcZX + 4z + /3 fc z 



see also iTurnwaldl (119951 ), Proposition 1.7. Now —al + A + /3 l 



M = Ul<k<n/2( X ~ Q k Z ) ^ E [ X \- Tnen £ 2 ) ~ 2z 



(p k - p~ k ) 2 + 4 = 0, so that x 2 - 2a k zx + Az 2 + f3 2 k z 



-(p k + p- k ) 2 + 
(x — a k z) 2 . We set 

i ' , -<n/2V ay ^k^j ^ j - / l^j • x xxcn -L n yXj z J l^z = [x 2z^u , and u is 
squarefree. It remains to show that u G F[x}. We take some cr G Ga^-E : F). 
Then er(p) is also a primitive nth root of unity, say a(p) = p % with 1 < % < n 
and gcd(i, n) = 1. We take some k with 1 < k < n/2, and j with ik = j mod n 
and < \j\ < n/2. Then a(a k ) = a\j\. Hence, a induces a permutation on 
{«!,..., «( n _i)/ 2 }. It follows that 



u = W { x 

l<fc<n/2 



l<fc<n/2 



Since this holds for all a, we have u G F[x] 



(iii) follows from the recursion (4.1), and (iv) from Lidl et al. (1993), Lemma 2.6(iii). (v) follows from (4.2) and (iv). The claim in (vi) is Lemma 2.6(ii) of Lidl et al. (1993). It also follows inductively from (4.1), as does (vii). □



In the following, we present several pairs of results. In each pair, the first item 
is a theorem, valid over fairly general fields, that describes the structure of 
distinct-degree collisions. The second one is a corollary, valid over finite fields, 
giving bounds on the number of such collisions. We start with the following 



34 Joachim von zur Gathen 



normal form for the decompositions in Ritt's Second Theorem. The uniqueness 
result is not obvious, as witnessed by the quotes in the Introduction. 

Theorem 4.9. Let $F$ be a field of characteristic $p$, let $m > \ell \geq 2$ be integers, and $n = \ell m$. Furthermore, we have monic original $f, g, h, g^*, h^* \in F[x]$ satisfying (4.4) through (4.7). Then either (i) or (ii) hold, and (iii) is also valid.

(i) (First Case) There exists a monic polynomial $w \in F[x]$ of degree $s$ and $a \in F$ so that

$$f = (x - a^{k\ell} w^\ell(a^\ell)) \circ x^{k\ell} w^\ell(x^\ell) \circ (x + a), \tag{4.10}$$

where $m = s\ell + k$ is the division with remainder of $m$ by $\ell$, with $1 \leq k < \ell$. Furthermore

$$kw + \ell x w' \neq 0 \text{ and } p \nmid \ell, \tag{4.11}$$

$$\begin{aligned} g &= (x - a^{k\ell} w^\ell(a^\ell)) \circ x^k w^\ell \circ (x + a^\ell),\\ h &= (x - a^\ell) \circ x^\ell \circ (x + a),\\ g^* &= (x - a^{k\ell} w^\ell(a^\ell)) \circ x^\ell \circ (x + a^k w(a^\ell)),\\ h^* &= (x - a^k w(a^\ell)) \circ x^k w(x^\ell) \circ (x + a). \end{aligned}$$

Conversely, any $(w, a)$ as above for which (4.11) holds yields a collision satisfying (4.4) through (4.7), via the above formulas. If $p \nmid m$, then $(w, a)$ is uniquely determined by $f$ and $\ell$.

(ii) (Second Case) There exist $z, a \in F$ with $z \neq 0$ so that

$$f = (x - T_n(a, z)) \circ T_n(x, z) \circ (x + a). \tag{4.12}$$

Now $(z, a)$ is uniquely determined by $f$. Furthermore we have

$$p \nmid n, \tag{4.13}$$

$$\begin{aligned} g &= (x - T_n(a, z)) \circ T_m(x, z^\ell) \circ (x + T_\ell(a, z)),\\ h &= (x - T_\ell(a, z)) \circ T_\ell(x, z) \circ (x + a),\\ g^* &= (x - T_n(a, z)) \circ T_\ell(x, z^m) \circ (x + T_m(a, z)),\\ h^* &= (x - T_m(a, z)) \circ T_m(x, z) \circ (x + a). \end{aligned}$$

Conversely, if (4.13) holds, then any $(z, a)$ as above yields a collision satisfying (4.4) through (4.7), via the above formulas.

(iii) When $\ell \geq 3$, the First and Second Cases are mutually exclusive. For $\ell = 2$, the Second Case is included in the First Case.

Proof. By assumption, either the First or the Second Case of Ritt's Second Theorem (Fact 4.3) applies.

(i) From the First Case in Fact 4.3, we have a positive integer $K$, linear polynomials $v_1, v_2, v_3, v_4$ and a nonzero polynomial $W$ with $d = \deg W = (m - K)/\ell$ and (renaming $v_2$ as $v_2^{-1}$)

$$\begin{aligned} x^K W^\ell &= v_1 \circ g \circ v_3,\\ x^\ell &= v_3^{-1} \circ h \circ v_2^{-1},\\ x^\ell &= v_1 \circ g^* \circ v_4,\\ x^K W(x^\ell) &= v_4^{-1} \circ h^* \circ v_2^{-1}. \end{aligned}$$

We abbreviate $r = \operatorname{lc}(W)$, so that $r \neq 0$, and write $v_i = a_i x + b_i$ for $1 \leq i \leq 4$ with all $a_i, b_i \in F$ and $a_i \neq 0$, and first express $v_3$, $v_4$, and $v_1$ in terms of $v_2$. We have

$$h = v_3 \circ x^\ell \circ v_2 = a_3(a_2 x + b_2)^\ell + b_3,$$
$$h^* = v_4 \circ x^K W(x^\ell) \circ v_2 = a_4(a_2 x + b_2)^K \cdot W((a_2 x + b_2)^\ell) + b_4.$$

Since $h$ and $h^*$ are monic and original and $K + \ell d = m$, it follows that

$$a_3 = a_2^{-\ell}, \quad b_3 = -a_2^{-\ell} b_2^\ell, \quad a_4 = a_2^{-m} r^{-1}, \quad b_4 = -a_2^{-m} b_2^K r^{-1} W(b_2^\ell).$$
Playing the same game with g, we find 

g = v^ 1 o x K W e o v- 1 = a ^((?—^) K W e (?—^) - h) , 

a 3 a 3 

a\ = a 2 r e , 

h = brw\bi). 

We note that then 

g* = v^ox i ov; 1 = aT 1 ((^y-b 1 ) 

CL 4 

is automatically monic and original. Furthermore, we have d = (m — K)/£ < 
\m/£\ = s and 

(4.14) / = V^ 1 o (vi o g o v 3 ) o (<y~ 1 ofto w^ 1 ) o t> 2 = f^ 1 o a;*" • W\x^ o v 2 . 
We set



b 2 _ „ .h vi 

— G r, U\ = X-\ = — , U 2 

0,2 d\ CL\ 



V 2 

x + a = — , 
a 2 



w = r a x 



W(a e 2 x) G F[x]. 



Then b\ja\ = a ke w e (a e ), w is monic of degree s, u l 1 = x — bxja\ = x—a ki w i (a e ), 
and 



(4.15) 



W(x) = \c{W)a l 2 s x- {s - d) w(a^x). 



Noting that m = id + K = is + k, the equation analogous to (4.14) reads 



— 1 hf Pi f\ — 1 L 

u x O X w (x ) o u 2 = CLi ■ v x O X 



a 2 



.,„../...,,. -j. m x* 2{s - d) wy ^) _ v 2 

a de 2 r (: 

(i-> (i-j r/:-r r 



V l ° a 2 r ■ {—) ■ {—) ■ „ M 2 o 



(4.16) 



^r 1 o x Ki ■ w\x e ) o V2 = f. 



This proves the existence of w and a, as claimed in (4.10) 

In order to express the four components in the new parameters, we note 
that K



h* 



k + £(s-d). Thus 

= ^r 1 o x K w e o ^3 1 



(r^a2 n x - a fc V(</)) o {a{{x + c/)) X • W e (a e 2 (x + a £ )) 
r^a 2 - n (af (x + a e ) K ■ r l a^af (a - d \x + a^^V^ + a')) 



- a M w\a l ) 
-n+Ke+e 2 s~e 2 s+e 2 d/ 



a 2 " [x + a e ) K ~ es+U w £ (x + a") - a k V(ca") 

(x + a e ) k w £ (x + a 1 ) - a kl w e (a e ) 
(x - a M w e (a e )) o x k w e o (x + </), 

f —f/ 7 \ f — f 7 f 

t> 3 o x o t> 2 = a 2 (a2X + 02) — a 2 o 2 
(s — a 1 ) o x o (x + a), 



v l o x o v 4 



[r a 2 x — a w [a 
(x + r -i a - m h R . ra * 6 j<(-<0 w ( a *))* _ a H w\a £ ) 

(x + a 2 k b 2 w(a e )) e - a ke w e (a e ) 

(x - a ke w e (a e )) o x e o (x + a k w(a e )), 

t> 4 o x K W(x e ) o t> 2 

(r-'a^fi - 6f iy(6 £ 2 ))) o (a 2 (x + a)) K W(ai(x + a)') 
r~ l a 2 m ■ ra £ 2 s ■ ((of (x + a) K (a l 2 (x + a) e ))-^w((x + a) e ) 



b«b 2 ^ w { a 1 )) 



a 2 k (at e(s ' d \x + a) K ~^w((x + a) 1 ) - b^ i{s - d) w(a e )) 
(x + a) k w((x + a) e ) - a k w(a e ) 
(x - a k w(a E )) o x k w(x E ) o (x + a). 



(4.10) has been shown above. We note that in the right hand component x + a, 



the constant a is arbitrary. All other linear components follow automatically 
from the required form of g, h, g*, h* , namely, being monic and original, and 
from the condition that g and h (and g* and h*) have to match up with their 
"middle" components. Furthermore, we have 

= g' = (x k ~ l w l ~ l {kw + £xw')) o(x + a 1 ) kw + Ixw' = 0, 
= (g*)' = ix 1 - 1 o [x + a k w{a 1 )) p | I 



(4.17) 



Thus (4.11) follows from (4.5) 
In order to prove the uniqueness if $p \nmid n$, we take monic $w, \tilde w \in F[x]$ of degree $s$, and $a, \tilde a \in F$ and the unique monic linear polynomials $v$ and $\tilde v$ for which

$$f = v \circ x^{k\ell} w^\ell(x^\ell) \circ (x + a) = \tilde v \circ x^{k\ell} \tilde w^\ell(x^\ell) \circ (x + \tilde a). \tag{4.18}$$

By composing on the left and right with $v^{-1}$ and $(x + a)^{-1}$, respectively, and abbreviating $u = v^{-1} \circ \tilde v$, we find

$$x^{k\ell} w^\ell(x^\ell) = v^{-1} \circ \tilde v \circ x^{k\ell} \tilde w^\ell(x^\ell) \circ (x + \tilde a) \circ (x - a) = u \circ x^{k\ell} \tilde w^\ell(x^\ell) \circ (x + \tilde a - a).$$

Since $\ell \geq 2$ and the left hand side is a polynomial in $x^\ell$, its second highest coefficient (of $x^{n-1}$) vanishes. Equating this with the same coefficient on the right, and abbreviating $a^* = \tilde a - a$, we find

$$0 = k\ell a^* + s\ell^2 a^* = na^*,$$

so that $a^* = 0$, since $p \nmid n$. Thus $a = \tilde a$ and

x he w e (x e ) = u o x H w e (x e ) = u o o x e , 



h —f f 

X W O X 



x k w l 



k P 

u o x w . 



Now x k w l and are monic and original, since k > 1. It follows that u = x 
and w/ = Both polynomials are monic, so that w = w, as claimed. (The 
equation for h in Theorem 4.9(i) determines a uniquely provided that p \ £, 
even if p \ m. However, the value of h is not unique in this case.) 
Conversely, we take some $(w, a)$ satisfying (4.11) and define $f, g, h, g^*, h^*$ via the formulas in (i). Then (4.4), (4.6), and (4.7) hold. As to (4.5), we have $p \nmid \ell$ from (4.11), and hence $(g^*)' \neq 0$. Furthermore,

\[ (x^k w^\ell)' = x^{k-1} w^{\ell-1}(kw + \ell x w') \neq 0, \]

so that also $g' \neq 0$.

In the Second Case, again renaming $v_2$ as $v_2^{-1}$, and also $z$ as $z_2$, we have from Fact 4.3(ii)

\[ \begin{aligned} T_m(x, z_2^\ell) &= v_1 \circ g \circ v_3, & T_\ell(x, z_2) &= v_3^{-1} \circ h \circ v_2^{-1}, \\ T_\ell(x, z_2^m) &= v_1 \circ g^* \circ v_4, & T_m(x, z_2) &= v_4^{-1} \circ h^* \circ v_2^{-1}, \\ h &= v_3 \circ T_\ell(x, z_2) \circ v_2, & h^* &= v_4 \circ T_m(x, z_2) \circ v_2. \end{aligned} \]

As before, it follows that

\[ a_3 = a_2^{-\ell}, \quad b_3 = -a_2^{-\ell} T_\ell(b_2, z_2), \quad a_4 = a_2^{-m}, \quad b_4 = -a_2^{-m} T_m(b_2, z_2). \]



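Furthermore, we have

\[ \begin{aligned} g &= v_1^{-1} \circ T_m(x, z_2^\ell) \circ v_3^{-1} = a_1^{-1}\bigl(T_m(a_3^{-1}(x - b_3), z_2^\ell) - b_1\bigr), \\ a_1 &= a_2^{n}, \\ b_1 &= T_m(T_\ell(b_2, z_2), z_2^\ell) = T_n(b_2, z_2), \\ f &= \bigl(a_2^{-n}(x - T_n(b_2, z_2))\bigr) \circ T_n(x, z_2) \circ (a_2 x + b_2). \end{aligned} \]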



We now set $a = b_2/a_2$ and $z = z_2/a_2^2$ and show that the preceding equation holds with $(1, a, z)$ for $(a_2, b_2, z_2)$. Lemma 4.8(vi) with $t = a_2^{-1}$ says that

\[ \begin{aligned} a_2^{-n} T_n(a_2 x + b_2, z_2) &= T_n(x + a, z), \\ a_2^{-n} T_n(b_2, z_2) &= T_n(a, z), \\ f &= (x - T_n(a, z)) \circ T_n(x, z) \circ (x + a). \end{aligned} \]



Thus the first claim in (ii) holds with these values. In the same vein, applying Lemma 4.8(vi) with $t$ equal to $a_2^{-1}, a_2^{-\ell}, a_2^{-m}, a_2^{-1}$, respectively, yields

\[ \begin{aligned} a_2^{-\ell} T_\ell(a_2 x + b_2, z_2) &= T_\ell(x + a, z), \\ a_2^{-n} T_m(a_2^\ell x + T_\ell(b_2, z_2), z_2^\ell) &= T_m(x + a_2^{-\ell} T_\ell(b_2, z_2), z^\ell) = T_m(x + T_\ell(a, z), z^\ell), \\ a_2^{-n} T_\ell(a_2^m x + T_m(b_2, z_2), z_2^m) &= T_\ell(x + a_2^{-m} T_m(b_2, z_2), z^m) = T_\ell(x + T_m(a, z), z^m), \\ a_2^{-m} T_m(a_2 x + b_2, z_2) &= T_m(x + a, z). \end{aligned} \]
For the four components, we have

\[ \begin{aligned} g &= v_1^{-1} \circ T_m(x, z_2^\ell) \circ v_3^{-1} \\ &= a_2^{-n}(x - T_n(b_2, z_2)) \circ T_m(x, z_2^\ell) \circ (a_2^\ell x + T_\ell(b_2, z_2)) \\ &= a_2^{-n} T_m(a_2^\ell x + T_\ell(b_2, z_2), z_2^\ell) - a_2^{-n} T_m(T_\ell(b_2, z_2), z_2^\ell) \\ &= T_m(x + T_\ell(a, z), z^\ell) - T_n(a, z) \\ &= (x - T_n(a, z)) \circ T_m(x, z^\ell) \circ (x + T_\ell(a, z)), \\ h &= v_3 \circ T_\ell(x, z_2) \circ v_2 = a_2^{-\ell} T_\ell(a_2 x + b_2, z_2) - a_2^{-\ell} T_\ell(b_2, z_2) \\ &= a_2^{-\ell}(x - T_\ell(b_2, z_2)) \circ T_\ell(x, z_2) \circ (a_2 x + b_2) \\ &= T_\ell(x + a, z) - T_\ell(a, z) \\ &= (x - T_\ell(a, z)) \circ T_\ell(x, z) \circ (x + a), \\ g^* &= v_1^{-1} \circ T_\ell(x, z_2^m) \circ v_4^{-1} \\ &= a_2^{-n}(x - T_n(b_2, z_2)) \circ T_\ell(x, z_2^m) \circ (a_2^m x + T_m(b_2, z_2)) \\ &= a_2^{-n} T_\ell(a_2^m x + T_m(b_2, z_2), z_2^m) - a_2^{-n} T_n(b_2, z_2) \\ &= T_\ell(x + T_m(a, z), z^m) - T_n(a, z) \\ &= (x - T_n(a, z)) \circ T_\ell(x, z^m) \circ (x + T_m(a, z)), \\ h^* &= v_4 \circ T_m(x, z_2) \circ v_2 \\ &= a_2^{-m}(x - T_m(b_2, z_2)) \circ T_m(x, z_2) \circ (a_2 x + b_2) \\ &= a_2^{-m} T_m(a_2 x + b_2, z_2) - a_2^{-m} T_m(b_2, z_2) \\ &= T_m(x + a, z) - T_m(a, z) \\ &= (x - T_m(a, z)) \circ T_m(x, z) \circ (x + a). \end{aligned} \]

Since

\[ 0 \neq g' = T_m'(x, z^\ell) \circ (x + T_\ell(a, z)), \]

Lemma 4.8(v) implies that $p \nmid m$. Similarly, the non-vanishing of $(g^*)'$ implies that $p \nmid \ell$, and (4.13) follows.

Next we claim that the representation of $f$ is unique. So we take some $(z, a), (z^*, a^*) \in F^2$ with $zz^* \neq 0$ and

(4.19)
\[ (x - T_n(a, z)) \circ T_n(x, z) \circ (x + a) = (x - T_n(a^*, z^*)) \circ T_n(x, z^*) \circ (x + a^*). \]

Comparing the coefficients of $x^{n-1}$ in (4.19) and using Lemma 4.8(iii) yields $na = na^*$, hence $a = a^*$, since $p \nmid n$. We now compose (4.19) with $x - a$ on the right and find

\[ (x - T_n(a, z)) \circ T_n(x, z) = (x - T_n(a, z^*)) \circ T_n(x, z^*). \]

Now the coefficients of $x^{n-2}$ yield $-nz = -nz^*$, so that $z = z^*$.

The converse claim that any $(z, a)$ with $z \neq 0$ and (4.13) yields a collision as prescribed follows since (4.13) and Lemma 4.8(v) imply that $T_m'(x, z^\ell)\, T_\ell'(x, z^m) \neq 0$.



(iii) We first assume $\ell \geq 3$ and show that the First and Second Cases are mutually exclusive. Assume, to the contrary, that in our usual notation we have

(4.20)
\[ f = v_1 \circ x^{k\ell} w^\ell(x^\ell) \circ (x + a) = v_2 \circ T_n(x, z) \circ (x + a^*), \]

where $v_1$ and $v_2$ are the unique linear polynomials that make the composition monic and original, as specified in (i) and (ii). Then

\[ \begin{aligned} f &= (v_1 \circ x^k w^\ell \circ (x + a^\ell)) \circ ((x + a)^\ell - a^\ell) \\ &= (v_2 \circ T_m(x + T_\ell(a^*, z), z^\ell)) \circ (T_\ell(x + a^*, z) - T_\ell(a^*, z)). \end{aligned} \]

These are two normal decompositions of $f$, and since $p \nmid m$ by (4.13), the uniqueness of Fact 3.1(i) implies that

(4.21)
\[ \begin{aligned} h &= (x + a)^\ell - a^\ell = T_\ell(x + a^*, z) - T_\ell(a^*, z), \\ h' &= \ell(x + a)^{\ell-1} = T_\ell'(x + a^*, z). \end{aligned} \]

If $p = 0$ or $p \geq 3$, then according to Lemma 4.8(i), $T_\ell'(x, z)$ is squarefree, while $(x + a)^{\ell-1}$ is not, since $\ell \geq 3$. This contradiction refutes the assumption (4.20).


If p = 2, then £ is odd by 



(if necessary), Lemma 4.8(if 



(4.13) After adjoining a square root z of z to F 



implies that Tj,(x, z) = ((x - 2z )u 2 + 2z$)' 



u 



has $(\ell - 1)/2$ distinct roots in an algebraic closure of $F$, while $(x + a)^{\ell-1}$ has only one. This contradiction is sufficient for $\ell \geq 5$. For $\ell = 3$, we have $T_3 = x^3 - 3yx$ and there are no $a, a^*, z \in F$ with $z \neq 0$ so that

\[ \begin{aligned} x^3 + ax^2 + a^2 x = (x + a)^3 - a^3 &= (x + a^*)^3 - 3z(x + a^*) - ((a^*)^3 - 3za^*) \\ &= x^3 + a^* x^2 + ((a^*)^2 + z)x. \end{aligned} \]

Again, (4.20) is refuted.

For $\ell = 2$, we claim that any composition

\[ f = v_1 \circ T_m(x, z^2) \circ T_2(x, z) \circ v_2 \]

of the Second Case already occurs in the First Case. We have $T_2 = x^2 - 2y$. Since $m$ is odd by (4.4) and $p \nmid m$ by (4.13), Lemma 4.8(ii) guarantees a monic $u \in F[x]$ of degree $d = (m - 1)/2$ with $T_m(x, z^2) = T_m(x, (-z)^2) = (x + 2z)u^2 - 2z^m$. Then for $\tilde u = u \circ (x - 2z)$ we have

\[ f = v_1 \circ ((x + 2z)u^2 - 2z^m) \circ (x^2 - 2z) \circ v_2 = (v_1 - 2z^m) \circ x^2 \tilde u^2(x^2) \circ v_2, \]

which is of the form (4.10), with $k = m - 2d = 1$.

□



Remark 4.22. Other parametrizations are possible. As an example, in the 
Second Case, for odd q = p, one can choose a nonsquare z G F 
B = {1,. 



(q — l)/2}. Then all f in (4.12) can also be written as 



W q and 



f = b n (x - T n (a, z)) o T n (x, z) o (bx + a) 



with unique (z, a, b) G {1, z } x F x B = Z . To wit, let z,a G F with z ^ 0. 
Take the unique (z*,a*,b) G Z, so that z* = b 2 z and a* = ab. Then z* 
is determined by the quadratic character of z, and b by the fact that every 
square in F x has a unique square root in A; the other one is —b G F x \ A. 



Lemma 4.8(vi) says that

\[ \begin{aligned} b^n T_n(x, z) &= T_n(bx, z^*), \\ (x - T_n(a, z)) \circ T_n(x, z) \circ (x + a) &= b^{-n}(x - T_n(a^*, z^*)) \circ T_n(bx, z^*) \circ (x + a) \\ &= b^{-n}(x - T_n(a^*, z^*)) \circ T_n(x, z^*) \circ (bx + a^*), \end{aligned} \]

as claimed. If $F$ is algebraically closed, as in Zannier (1993), we can take $z = 1$. The reduction from finite fields to this case is provided by Schinzel (2000), Section 1.4, Lemma 2.



Remark 4.23. Given just $f \in F[x]$, how can we determine whether Ritt's Second Theorem applies to it, and if so, compute $(w, a)$ or $(z, a)$, as appropriate? We may assume $f$ to be monic and original of degree $n$. The divisor $\ell$ of $n$ might be given as a further input, or we perform the following for all divisors $\ell$ of $n$ with $2 \leq \ell < \sqrt{n}$ and $\gcd(\ell, n/\ell) = 1$. If $p \nmid n$, the task is easy. We compute decompositions

\[ f = g \circ h = g^* \circ h^* \]

with $\deg h = \deg g^* = \ell$ and all components monic and original. If one of these decompositions does not exist, Ritt's Second Theorem does not apply; otherwise the components are uniquely determined. If $h_{\ell-1}$ is the coefficient of $x^{\ell-1}$ in $h$, then $a = h_{\ell-1}/\ell$ in (4.10). Furthermore,

\[ \begin{aligned} g(-a^\ell) &= -a^{k\ell} w^\ell(a^\ell), \\ g \circ (x - a^\ell) - g(-a^\ell) &= x^k w^\ell, \end{aligned} \]

from which $w$ is easily determined via an $x$-adic Newton iteration for extracting an $\ell$th root of the reversal of the left hand side, divided by $x^k$. Actually only a single Newton step is required to compute the root modulo $x^2$.

If the Second Case applies, then by Lemma 4.8(iii) the three highest coefficients in $f$ are

\[ \begin{aligned} f &= x^n + f_{n-1} x^{n-1} + f_{n-2} x^{n-2} + O(x^{n-3}) \\ &= (x + a)^n - nz(x + a)^{n-2} + O(x^{n-3}) \\ &= x^n + na x^{n-1} + \Bigl(\frac{n(n-1)}{2} a^2 - nz\Bigr) x^{n-2} + O(x^{n-3}); \end{aligned} \]

this determines $a$ and $z$.



Remark 4.24. If $p \nmid n$, then we can get rid of the right hand component $x + a$ by a further normalization. Namely, when $f = x^n + \sum_{0 \leq i < n} f_i x^i$, then $f \circ (x + a) = x^n + (na + f_{n-1})x^{n-1} + O(x^{n-2})$. We call $f$ second-normalized if $f_{n-1} = 0$. (This has been used at least since the times of Cardano and Tartaglia.) For any $f$, the composition $f \circ (x - f_{n-1}/n)$ is second-normalized, and if

(4.25) $\deg g = m$ and $f = g \circ h = x^n + m h_{n/m-1} x^{n-1} + O(x^{n-2})$

is second-normalized, then so is $h$ (but not necessarily $g$).

Corollary 4.26. In Theorem 4.9, if $p \nmid n$ and $f$ is second-normalized, then all claims hold with $a = 0$.



Example 4 . 27. W e note two instances of misreading Ritt's Second Theorem. 



Bodin et al. ( 


2009) claim in 


situation of 


Corollary 4.30(i) 



of $q$ is unbounded. A second instance is in Corrales-Rodrigáñez (1990). The author claims that his following example contradicts the Theorem. He takes (in our language) positive integers $b, c, d, t$, sets $m = bp^c + d$, and $\ell = p^c + 1$, elements $h_0, \ldots, h_t \in F$, where $c < p$ and $t\ell < m$ and $F$ is a field of characteristic $p > 0$, and

\[ h = \sum_{0 \leq i \leq t} h_i x^{m - i\ell}, \qquad g^* = \sum_{0 \leq i, j \leq t} h_i h_j x^{m - ip^c - j}. \]

Then

\[ x^\ell \circ h = g^* \circ x^\ell, \]

provided that all $h_i$ are in $\mathbb{F}_{p^c}$. If $d > b$, we have $m = b\ell + (d - b)$, so that $s = b$ and $k = d - b$.

Applying Theorem 4.9 we find $w = \sum_{0 \leq i \leq t} h_i x^{b-i}$ and $a = 0$. Then

\[ h = x^k w(x^\ell), \qquad g^* = x^k w^\ell. \]

Thus the example falls well within Ritt's Second Theorem. Zannier (1993) points out that this was also remarked by A. Kondracki, a student of Andrzej Schinzel.

For the arguments below, it is convenient to assume F to be perfect. Then 
each element of F has a pth root, where p > 2 is the characteristic. Any finite 
field is perfect. 

For the next result, we have to make the first condition in (4.11) more 
explicit. 

Lemma 4.28. Let $F$ be a perfect field, $\ell$ and $m$ positive integers with $\gcd(\ell, m) = 1$, $m = \ell s + k$ and $s = tp + r$ divisions with remainder, so that $1 \leq k < \ell$ and $0 \leq r < p$, and $w \in F[x]$ monic of degree $s$. Then

(4.29) $p \nmid \ell$ and $kw + \ell x w' = 0 \iff p \mid m$ and $\exists u \in F[x]\colon w = x^r u^p$, $u$ monic.

If the conditions in (4.29) are satisfied, then $u$ is uniquely determined.

Proof. For "$\Rightarrow$", we denote by $w^{(i)}$ the $i$th derivative of $w$. By induction on $i \geq 0$, we find that

\[ \begin{aligned} (k + i\ell) w^{(i)} + \ell x w^{(i+1)} &= 0, \\ (k + i\ell) w^{(i)}(0) &= 0. \end{aligned} \]

Now $p \nmid s - i$ for $0 \leq i < r$, $p \mid m = k + \ell s = \mathrm{lc}(kw + \ell x w')$, and $p \nmid \ell$. Thus

\[ p \nmid m - (s - i)\ell = k + \ell s - \ell s + i\ell = k + i\ell \]

for $0 \leq i < r$, and hence $w^{(i)}(0) = 0$ for these $i$. Since $r < p$, this implies that the lowest $r$ coefficients of $w$ vanish, so that $x^r \mid w$ and $v = x^{-r} w \in F[x]$. Then

\[ \begin{aligned} \ell v' &= \ell(-r x^{-r-1} w + x^{-r} w') = x^{-r-1}(-\ell r w - kw) \\ &= -x^{-r-1} w \cdot (\ell r + k) = -x^{-r-1} w \cdot (m - \ell(s - r)) = 0. \end{aligned} \]

This implies that $v' = 0$ and $v = u^p$ for some $u \in F[x]$, since $F$ is perfect.

For "$\Leftarrow$", $p \nmid \ell$ follows from $\gcd(\ell, m) = 1$, and we verify

\[ \begin{aligned} kw + \ell x w' &= k x^r u^p + \ell x \cdot r x^{r-1} u^p = x^r u^p (k + \ell r) \\ &= w \cdot (m - \ell(s - r)) = 0. \end{aligned} \]

The uniqueness of $u$ is immediate, since $x^r u^p = x^r \tilde u^p$ implies $u = \tilde u$. □

We can now estimate the number of distinct-degree collisions. If $p \nmid m$, the bound is exact. We use Kronecker's $\delta$ in the statement.

Corollary 4.30. Let $\mathbb{F}_q$ be a finite field of characteristic $p$, let $\ell$ and $m$ be integers with $m > \ell \geq 2$ and $\gcd(\ell, m) = 1$, $n = \ell m$, $s = \lfloor m/\ell \rfloor$, and $t = \#(D_{n,\ell} \cap D_{n,m} \cap D_n^+)$. Then the following hold.

(i) If $p \nmid n$, then

\[ \begin{aligned} t &= (q^{s+3} + (1 - \delta_{\ell,2})(q^4 - q^3))(1 - q^{-1}), \\ q^{s+3}(1 - q^{-1}) &\leq t \leq (q^{s+3} + q^4)(1 - q^{-1}). \end{aligned} \]

(ii) If $p \mid \ell$, then $t = 0$.

(iii) If $p \mid m$, then

\[ t \leq (q^{s+3} - q^{\lfloor s/p \rfloor + 3})(1 - q^{-1}). \]



Proof. (i) The monic original polynomials $f \in D_{n,\ell} \cap D_{n,m} \cap D_n^+ = T$ fall either into the First or the Second Case of Ritt's Second Theorem. In the First Case, such $f$ are injectively parametrized by $(w, a)$ in Theorem 4.9(i). Condition (4.11) is satisfied, since $p \nmid m = k + \ell s = \mathrm{lc}(kw + \ell x w')$. Thus there are $q^{s+1}$ such pairs. Allowing composition by an arbitrary linear polynomial on the left, we get $q^{s+3}(1 - q^{-1})$ elements of $T$. In the Second Case, we have the parameters $(z, a)$, $q^2(1 - q^{-1})$ in number, from Theorem 4.9(ii). Composing with a linear polynomial yields a total of $q^4(1 - q^{-1})^2$. Furthermore, Theorem 4.9(iii) says that $t$ equals the sum of the two contributions if $\ell \geq 3$, and it equals the first summand for $\ell = 2$; in the latter case, we have $p \neq 2$. Both claims in (i) follow.

(ii) (4.11) and (4.13) are never satisfied, so that $t = 0$.

(iii) We have essentially the same situation as in (i), with $p \nmid \ell$ and $(w, a)$ parametrizing our $f$ in the First Case, albeit not injectively. Thus we only obtain an upper bound. The first condition in (4.11) holds if and only if $w$ is not of the form $x^r u^p$ as in (4.29). We note that $\deg u = (s - r)/p = \lfloor s/p \rfloor$ in (4.29), so that the number of $(w, a)$ satisfying (4.11) equals $q^{s+1} - q^{\lfloor s/p \rfloor + 1}$. Since $p \mid m \mid n$, (4.13) does not hold, and there is no non-Frobenius decomposition in the Second Case. □
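The count in Corollary 4.30(i) and the coefficient read-off of Remark 4.23 can be checked by exhaustive search for small parameters. The following Python code is an added example, not part of the paper: it assumes a prime field ($q = p$ with $p \nmid n$), counts only monic original collisions (the corollary's $t$ divided by the $q^2(1 - q^{-1})$ linear left factors), and builds $T_n$ from the standard recurrence $T_n = x T_{n-1} - z T_{n-2}$, which reproduces the $T_2$ and $T_3$ given above; all function names are chosen here.

```python
from itertools import product

# Polynomials over F_p are coefficient lists, lowest degree first.

def trim(a):
    """Drop zero leading coefficients in place and return the list."""
    while len(a) > 1 and a[-1] == 0:
        a.pop()
    return a

def add(a, b, p):
    n = max(len(a), len(b))
    a, b = a + [0] * (n - len(a)), b + [0] * (n - len(b))
    return trim([(x + y) % p for x, y in zip(a, b)])

def mul(a, b, p):
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] = (out[i + j] + x * y) % p
    return trim(out)

def compose(g, h, p):
    """Return g o h, evaluated by Horner's rule."""
    res = [0]
    for c in reversed(g):
        res = add(mul(res, h, p), [c % p], p)
    return res

def monic_original(d, p):
    """All x^d + c_{d-1} x^{d-1} + ... + c_1 x over F_p."""
    for mid in product(range(p), repeat=d - 1):
        yield [0, *mid, 1]

def collisions(l, m, p):
    """Monic original f = g o h = g* o h* with deg g = deg h* = m
    and deg h = deg g* = l, found by exhaustive search."""
    gh = {tuple(compose(g, h, p))
          for g in monic_original(m, p) for h in monic_original(l, p)}
    gs_hs = {tuple(compose(g, h, p))
             for g in monic_original(l, p) for h in monic_original(m, p)}
    return gh & gs_hs

def predicted(l, m, q):
    """Corollary 4.30(i) for p not dividing n, divided by q^2 (1 - 1/q)."""
    s = m // l
    return q ** (s + 1) + (0 if l == 2 else q * q - q)

def dickson(n, z, p):
    """T_n(x, z) from T_0 = 2, T_1 = x, T_n = x T_{n-1} - z T_{n-2}."""
    t0, t1 = [2 % p], [0, 1]
    for _ in range(n - 1):
        t0, t1 = t1, add(mul([0, 1], t1, p), [(-z * c) % p for c in t0], p)
    return t1

def second_case(n, a, z, p):
    """(x - T_n(a, z)) o T_n(x, z) o (x + a), the form (4.12)."""
    f = compose(dickson(n, z, p), [a % p, 1], p)
    f[0] = 0                      # subtract the constant T_n(a, z)
    return tuple(f)

def recover(f, p):
    """Remark 4.23, Second Case: read (a, z) off f_{n-1} and f_{n-2}."""
    n = len(f) - 1
    inv_n = pow(n, -1, p)         # exists because p does not divide n
    a = f[n - 1] * inv_n % p
    z = (n * (n - 1) // 2 * a * a - f[n - 2]) * inv_n % p
    return a, z

if __name__ == "__main__":
    for l, m, p in [(2, 3, 5), (2, 3, 7), (3, 4, 5)]:
        print(l, m, p, len(collisions(l, m, p)), predicted(l, m, p))
```

For $\ell = 2$ only the First Case contributes, while for $\ell = 3$ the $q^2 - q$ Second Case polynomials appear in addition.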



Example 4.31. 



Bodin et al. ( 


2009) claim in 


situation of 


Corollary 4.30(1) 



7 5 in the 



exponent $s + 3$ of $q$ is unbounded. A second instance is in Corrales-Rodrigáñez (1990). The author claims that his following example contradicts the Theorem. He takes (in our language) positive integers $b, c, d, t$ and elements $h_0, \ldots, h_t \in F$ and sets $m = bp^c + d$ and $\ell = p^c + 1$, where $c < p$, $t\ell < m$, and $F$ is a field of characteristic $p > 0$. Then for

\[ h = \sum_{0 \leq i \leq t} h_i x^{m - i\ell}, \qquad g^* = \sum_{0 \leq i, j \leq t} h_i h_j x^{m - ip^c - j} \]

we have

\[ x^\ell \circ h = g^* \circ x^\ell \]

provided that all $h_i$ are in $\mathbb{F}_{p^c}$. If $d > b$, we have $m = b\ell + (d - b)$, so that $s = b$ and $k = d - b$. Applying Theorem 4.9 we find $w = \sum_{0 \leq i \leq t} h_i x^{b-i}$ and $a = 0$. Then

\[ h = x^k w(x^\ell), \qquad g^* = x^k w^\ell. \]

Thus the example falls well within Ritt's Second Theorem. Zannier (1993) points out that this was also remarked by A. Kondracki, a student of Andrzej Schinzel.
Lemma 4.32. Let $F$ be a perfect field, let $\ell, m \geq 2$ be integers for which $p$ divides $n = \ell m$, and let $g$ and $h$ in $F[x]$ have degrees $\ell$ and $m$, respectively. Then the following hold.

(i) $g \circ h \in D_n^{\varphi} \iff g'h' = 0 \iff g \in D_\ell^{\varphi}$ or $h \in D_m^{\varphi}$,

(ii) $\# D_n^{\varphi} = q^{n/p+1}(1 - q^{-1})$,

(iii)
\[ \# D_{n,\ell}^{\varphi} \begin{cases} = \# D_{n/p,\ell} & \text{if } p \nmid \ell, \\ = \# D_{n/p,\ell/p} & \text{if } p \nmid m, \\ \leq \# D_{n/p,\ell} + \# D_{n/p,\ell/p} & \text{always.} \end{cases} \]

Proof. (i) is clear. For (ii), all Frobenius compositions are of the form $g^* \circ x^p$ with $g^* \in P_{n/p}$, and $g^*$ is uniquely determined by the composition. In (iii), if $p \nmid \ell$, then $p \mid m$, and according to (3.4), any $g \circ h \in D_{n,\ell}^{\varphi}$ can be uniquely rewritten as $g \circ h^* \circ x^p$, with $h^* \in P_{m/p}$. If $p \nmid m$, then the corresponding argument works. For the third line, we may assume that $p$ divides $\ell$ and $m$, and then have both possibilities above for Frobenius compositions. □



A particular strength of Zannier's and Schinzel's result in Fact 4.3 is that, contrary to earlier versions, the characteristic of $F$ appears only very mildly, namely in (4.5). We now elucidate the case excluded by (4.5), namely $g'(g^*)' = 0$, which is mentioned in Zannier (1993), page 178. This case can only occur when $p \geq 2$. We recall the Frobenius power $\varphi_j\colon F[x] \to F[x]$ from Definition 3.3.



Lemma 4.33. In the above notation, assume that $(\ell, m, g, h, g^*, h^*)$ and $f$ satisfy (4.4), (4.6), and (4.7), and that $F$ is perfect.

(i) The following are equivalent:

(a) $f$ is a Frobenius composition,

(b) $f' = 0$,

(c) $g'(g^*)' = 0$.

(ii) If $g' = 0$, then $p \nmid \ell$ and $(g^*)' \neq 0$, and there exist positive integers $j$ and $M$, and monic original $G, G^*, H^* \in F[x]$ so that

(4.34)
\[ \begin{aligned} & m = p^j M, \quad \deg G = \deg H^* = M, \quad \deg G^* = \ell, \\ & g = x^{p^j} \circ G, \quad g^* \circ x^{p^j} = x^{p^j} \circ G^*, \quad h^* = x^{p^j} \circ H^*, \\ & G'(G^*)' \neq 0, \quad G \circ h = G^* \circ H^*, \\ & f = x^{p^j} \circ G \circ h = x^{p^j} \circ (G^* \circ H^*). \end{aligned} \]

In particular, $(\ell, M, G, h, G^*, H^*)$ satisfies (4.4) through (4.6) if $M > \ell$, and $(M, \ell, G^*, H^*, G, h)$ does if $2 \leq M < \ell$. If $M = 1$, then $G$ and $H^*$ are linear.

(iii) If $(g^*)' = 0$, then $p \nmid m$ and $g' \neq 0$, and there exist positive integers $d$ and $L$, and monic original $G, H, G^* \in F[x]$ with

(4.35)
\[ \begin{aligned} & \ell = p^d L, \quad p \nmid L, \quad g = \varphi_d(G), \quad h = x^{p^d} \circ H, \quad g^* = x^{p^d} \circ G^*, \\ & G'(G^*)' \neq 0, \\ & G \circ H = G^* \circ h^*, \quad f = x^{p^d} \circ G \circ H, \end{aligned} \]

with $\varphi_d$ from Definition 3.3. In particular, $(L, m, G, H, G^*, h^*)$ satisfies (4.4) through (4.6) if $L \geq 2$.

(iv) The data derived in (ii) and (iii) are uniquely determined. Conversely, given such data, the stated formulas yield $(\ell, m, g, h, g^*, h^*)$ and $f$ that satisfy (4.4), (4.6) and (4.7).
Proof. (i) If $f = x^p \circ G$ is a Frobenius composition, then $f' = 0$. We have

(4.36)
\[ f' = (g' \circ h) \cdot h' = ((g^*)' \circ h^*) \cdot (h^*)'. \]

If (b) holds, then $p \mid \deg f = \ell m$, hence $p \mid \ell$ or $p \mid m$. In the case $p \mid \ell$, (4.4) implies that $p \nmid m$ and $g'(h^*)' \neq 0$, hence $h' = (g^*)' = 0$ by (4.36). Symmetrically, $p \mid m$ implies that $g' = (h^*)' = 0$, so that (c) follows in both cases.

If (c) holds, say $g' = 0$, then the coefficient of $x^i$ in $g$ is zero unless $p \mid i$. Since $F$ is perfect, every element has a $p$th root, and it follows that $g = x^p \circ G$ for some $G \in F[x]$. Thus $g$ is a Frobenius composition, and so is $f = g \circ h$.



(ii) Let $j \geq 1$ be the largest integer for which there exists some $G \in F[x]$ with $g = x^{p^j} \circ G$. Then $j$ and $G$ are uniquely determined, $G$ is monic and original, $G' \neq 0$, $p^j \mid m$, $\deg G = mp^{-j} = M$, and $p \nmid \ell$ by (4.4). Furthermore, we have

(4.37)
\[ g^* \circ h^* = g \circ h = x^{p^j} \circ G \circ h. \]



Writing h* = J2i<i< m ^i xi w ^ tn Ki = 1, we let I = {z < m: /t* ^ 0} be the 
support of h*. Assume that there is some i G I with p* \ i, and let k be the 
largest such i. Then k < m, m{t— 1) + k is not divisible by p 3 ' , the coefficient of 
x m(e-i)+k in (/^*) ^ i s £h* an d in ^* /i* it is \c{g*)-£h* k ^ 0; see £i in lLemma 3 .91 

This contradicts (4.37), so that the assumption is false and h* = (H*)^ for a 

-j 



unique monic original H* G F[x], of degree M = mp' 

Setting G* = (pj 1 ^*), we have degG* = degg* 
xv 3 oG* = <pj(G*) ox 133 , and 



and hence (G*)' ^ 0, 



ar o 



Goh=goh=f 



g* oh* =<p j (G*)ox p3 oH* 
Goh = G*oH*. 



x p o G* o H* 



(iii) Since p \ £ = degg*, (4.4) implies that p f m, g' ^ 0, and g' o h 0. 
In (4.36), we have /' = and hence /i' = 0. There exist monic original Gi, 
E x G with g* = x p o G x , h = x p o i^, and 

G 1 oh* = <pi 1 {jg)oH 1 . 

If = 0, then if( = and we can continue this transformation. Eventually we 
find an integer j > 1 and monic original Gj, Hj G with | £, g* — x pJ oGj, 
h = x pJ o Hj, and G^ ^ 0. We set G = (p~ l {g),G* = Gj, and if = Hj. Then 
G'(G*)' ^ 0, degG* = degif = L, degG = m. As above, we have 



G* oh* 



G 3 o h* 



< P J 1 (g)oH j = GoH, 



f 

According to 

We set t = iv"- 



oG*)oh* = go(x p oH) 



oGoH. 



m 



If 



d is the multiplicity of p in I. We now show that j = d. 
'* > 2, then the above collision satisfies the assumptions 



(4.4) through (4.6) , with t < m instead of £. Thus ITheorem 4.91 applies. 



In the First Case, | (4. 11)] shows that p \ £*. It follows that j = d and t = L. 
In the Second Case, we have p \ tm = £p~^m by (4.10), so that again j 
and t = L. In the remaining case I* — 1, we have L = 1 and G* = H 



d 



x. 



(iv) The uniqueness of all quantities is clear. □

We need some simple properties of the Frobenius map $\varphi_j$ from (3.4).

Lemma 4.38. Let $F$ be a field of characteristic $p \geq 2$, $f, g \in F[x]$, $a \in F$, let $i, j \geq 1$, and denote by $f'$ the derivative of $f$. Then

(i) $\varphi_j(fg) = \varphi_j(f)\varphi_j(g)$,

(ii) $\varphi_j(f^i) = \varphi_j(f)^i$,

(iii) $\varphi_j(f \circ g) = \varphi_j(f) \circ \varphi_j(g)$,

(iv) $\varphi_j(f(a)) = \varphi_j(f)(a^{p^j})$,

(v) $\varphi_j(f') = \varphi_j(f)'$.



PROOF. (i) is immediate, and (ii) follows. For (iii), we write / = ^2 fax 1 with 



all fi G F. Then 



(iv) is a special case of For |(v)| we have 

V>Af) = VAT,**'' 1 ) E' 7 " •/'"•'•' ' = iZ'/f ' = rM)'- 



Our next goal is to get rid of the assumption (4.5), namely that $g'(g^*)' \neq 0$, in Theorem 4.9. This is achieved by the following result. Its statement is lengthy, and the simple version is: if (4.5) is violated, remove the component $x^p$ from the culprit as long as you can. Then Theorem 4.9 applies.

Theorem 4.39. Let $F$ be a perfect field of characteristic $p > 0$. Let $m > \ell \geq 2$ be integers with $\gcd(\ell, m) = 1$, set $n = \ell m$ and let $f, g, h, g^*, h^* \in F[x]$ be monic original of degrees $n, m, \ell, \ell, m$, respectively, with $f = g \circ h = g^* \circ h^*$. Then the following hold.

(i) If $g' = 0$, then there exists a uniquely determined positive integer $j$ so that $p^j$ divides $m$ and either (i.a) or (i.b) hold; furthermore, (i.c) is true. We set $M = p^{-j} m$.

(a) (First Case)

(1) If $M > \ell$, then there exist a monic $W \in F[x]$ of degree $S = \lfloor M/\ell \rfloor$ and $a \in F$ so that

\[ KW + \ell x W' \neq 0 \]

for $K = M - \ell \lfloor M/\ell \rfloor$, and all conclusions of Theorem 4.9(i), except (4.11) and $k < \ell$, hold for $k = p^j K$, $s = p^j S$, and $w = W^{p^j}$. Conversely, any $W$ and $a$ as above yield via these formulas a collision satisfying (4.4), (4.6) and (4.7), with $g' = 0$. If $p \nmid M$, then $W$ and $a$ are uniquely determined by $f$ and $\ell$.

(2) If $M < \ell$, then there exist a monic $W \in F[x]$ of degree $S = \lfloor \ell/M \rfloor$ and $a \in F$ so that

\[ \begin{aligned} f &= (x - a^{kM} w^M(a^M)) \circ x^{kM} w^M(x^M) \circ (x + a), \\ KW + \ell x W' &\neq 0 \end{aligned} \]

for $K = \ell - M \lfloor \ell/M \rfloor$, and all conclusions of Theorem 4.9(i), with $\ell$ replaced by $M$ and excepting (4.11) and the division with remainder, hold for $k = p^j K$, $s = p^j S$, and $w = W^{p^j}$. Conversely, any $W$ and $a$ as above yield via these formulas a collision satisfying (4.4), (4.6) and (4.7), with $g' = 0$. Furthermore, $W$ and $a$ are uniquely determined by $f$ and $\ell$.

(3) If $m = p^j$, then $g = h^* = x^{p^j}$ and $g^* = \varphi_j(h)$.

(b) (Second Case) $p \nmid M$, and all conclusions of Theorem 4.9(ii) hold, except (4.13).

(c) Assume that $M \geq 2$, and let $f$ be a collision of the Second Case. Then $f$ belongs to the First Case if and only if $\min(\ell, M) = 2$.

(ii) If $(g^*)' = 0$, then there exists a unique positive integer $d$ such that $p^d \mid \ell$, $p \nmid p^{-d}\ell = L$, and either (ii.a) or (ii.b) holds; furthermore, (ii.c) is true.

(a) (First Case) There exist a monic $w \in F[x]$ of degree $\lfloor m/L \rfloor$ and $a \in F$ so that

\[ \begin{aligned} f &= (x - a^{k\ell} w^L(a^\ell)) \circ x^{k\ell} w^L(x^\ell) \circ (x + a), \\ g &= (x - a^{k\ell} w^L(a^\ell)) \circ x^k w^L \circ (x + a^\ell), \\ h &= (x - a^\ell) \circ x^\ell \circ (x + a), \\ g^* &= (x - a^{k\ell} w^L(a^\ell)) \circ x^\ell \circ (x + a^k \varphi_d^{-1}(w)(a^L)), \\ h^* &= (x - a^k \varphi_d^{-1}(w)(a^L)) \circ x^k \varphi_d^{-1}(w)(x^L) \circ (x + a), \end{aligned} \]

where $m = L \lfloor m/L \rfloor + k$. The quantities $w$ and $a$ are uniquely determined by $f$ and $\ell$. Conversely, any $w$ and $a$ as above yield via these formulas a collision satisfying (4.4), (4.6), and (4.7). Furthermore, $kw + \ell x w' \neq 0$.

(b) (Second Case) There exist $z, a \in F$ with $z \neq 0$ for which all conclusions of Theorem 4.9(ii) hold, except (4.13). Conversely, any $(z, a)$ as above yields a collision satisfying (4.4), (4.6) and (4.7).

(c) When $L \geq 3$, then (ii.a) and (ii.b) are mutually exclusive. For $L \leq 2$, (ii.b) is included in (ii.a).



Proof. (i) We take the quantities $j, M, G, G^*, H^*$ from Lemma 4.33(ii) and apply Theorem 4.9 to the collision $G \circ h = G^* \circ H^*$ in (4.34). We start with the First Case (Theorem 4.9(i)). If $M > \ell$, it yields a monic $W \in F[x]$ of degree $\lfloor M/\ell \rfloor$ and $a \in F$ with

(4.40)
\[ \begin{aligned} G \circ h = G^* \circ H^* &= (x - a^*) \circ x^{K\ell} W^\ell(x^\ell) \circ (x + a), \\ KW + \ell x W' &\neq 0, \end{aligned} \]

where $K = M - \ell \lfloor M/\ell \rfloor$ and $a^* = a^{K\ell} W^\ell(a^\ell)$. We set $k = p^j K$ and $w = W^{p^j}$. Then

\[ \begin{aligned} f = g \circ h = G^{p^j} \circ h &= x^{p^j} \circ G \circ h \\ &= x^{p^j} \circ (x - a^*) \circ x^{K\ell} W^\ell(x^\ell) \circ (x + a) \\ &= (x - (a^*)^{p^j}) \circ x^{p^j K\ell} (W^{p^j})^\ell(x^\ell) \circ (x + a) \\ &= (x - a^{k\ell} w^\ell(a^\ell)) \circ x^{k\ell} w^\ell(x^\ell) \circ (x + a). \end{aligned} \]

Furthermore, we have

\[ \ell s + k = \ell p^j \lfloor M/\ell \rfloor + p^j(M - \ell \lfloor M/\ell \rfloor) = m. \]

If $2 \leq M < \ell$, we have to reverse the roles of $M$ and $\ell$ in the application of Theorem 4.9(i). Thus we now find a monic $W \in F[x]$ of degree $\lfloor \ell/M \rfloor$ and $a \in F$ with

\[ G \circ h = (x - a^*) \circ x^{KM} W^M(x^M) \circ (x + a), \]

with $K = \ell - M \lfloor \ell/M \rfloor$, $a^* = a^{KM} W^M(a^M)$, and $KW + M x W' \neq 0$. We set $k = p^j K$ and $w = W^{p^j}$. Then

\[ \begin{aligned} f = x^{p^j} \circ G \circ h &= (x - (a^*)^{p^j}) \circ x^{p^j} \circ x^{KM} W^M(x^M) \circ (x + a) \\ &= (x - a^{kM} w^M(a^M)) \circ x^{kM} w^M(x^M) \circ (x + a). \end{aligned} \]

Furthermore we have

\[ Ms + k = M p^j \lfloor \ell/M \rfloor + p^j(\ell - M \lfloor \ell/M \rfloor) = p^j \ell. \]

Since $p \nmid \ell$, $W$ and $a$ are uniquely determined.



If $M = 1$, then $g = x^{p^j}$, $f = x^{p^j} \circ h = \varphi_j(h) \circ x^{p^j}$, and $g^* = \varphi_j(h)$ by Fact 3.1(i).

In the Second Case of Theorem 4.9 we use $T_{p^j} = x^{p^j}$ from Lemma 4.8(iv). Now Theorem 4.9(ii) provides $z, a \in F$ with $z \neq 0$ and

\[ \begin{aligned} G \circ h = G^* \circ H^* &= (x - T_{\ell M}(a, z)) \circ T_{\ell M}(x, z) \circ (x + a), \\ G &= (x - T_{\ell M}(a, z)) \circ T_M(x, z^\ell) \circ (x + T_\ell(a, z)). \end{aligned} \]

Since $G' \neq 0$, we have $p \nmid M$, and hence $p \nmid \ell M$. Thus $z$ and $a$ are uniquely determined. Furthermore

\[ \begin{aligned} f = g \circ h &= x^{p^j} \circ G \circ h \\ &= (x^{p^j} - (T_{\ell M}(a, z))^{p^j}) \circ T_{\ell M}(x, z) \circ (x + a) \\ &= (x - T_n(a, z)) \circ x^{p^j} \circ T_{\ell M}(x, z) \circ (x + a) \\ &= (x - T_n(a, z)) \circ T_n(x, z) \circ (x + a). \end{aligned} \]

In (i.c), we have $p \nmid \ell M = p^{-j} n$. By Theorem 4.9(iii), $G \circ h$ belongs to the First Case if and only if $\min\{\ell, M\} = 2$.

(ii) We take $d, L, G, H, G^*$ from Lemma 4.33(iii), and apply Theorem 4.9 to the collision $G \circ H = G^* \circ h^*$. In the First Case, this yields a monic $W \in F[x]$ of degree $\lfloor m/L \rfloor$ and $a \in F$ so that the conclusions of Theorem 4.9(i) hold for these values, with $k = m - L \cdot \lfloor m/L \rfloor$. We set $w = \varphi_d(W)$. Then



degG 
9 



m, 



h* 



f 



deg{x k W L ) = {m-L- [m/L\) + L ■ [m/L\ 
(p d (G) = tp d ((x - a kL W L {a L )) o x k W L o (x + a L )) 
<p d (x - a kL W L (a L )) o <p d (x k W L ) o <p d (x + a L ) 
(x - a M w L (a 1 )) o x k w L o (x + a 1 ). 
x pd o H = x pd o (x — a L ) o x L o (x + a) 
(x — a 1 ) o x o (x + a), 

x f d oG*= x pd o(x- a kL W L {a L )) o X L o (x + a k W{a L )) 

(x - a M W pdL (a L )) ox e o( x + a k W(a L )) 

(x - a M w L (a e )) ox £ o(x + a k ipf(w)(a L )), 

(x - a k W(a L )) o x k W(x L ) o (x + a) 

(x - a k (p d 1 (w)(a L )) o x k <p-[ 1 (w)(x L ) o (x + a), 

(x - a ke w L {a e )) o x kl w L {x l ) o (x + a). 
Furthermore, Lemma 4.38 implies that

\[ kw + \ell x w' = k\varphi_d(W) + \ell x \varphi_d(W)' = \varphi_d(kW + \ell x W') \neq 0. \]

In the Second Case, Theorem 4.9(ii) provides $z, a \in F$ with $z \neq 0$ and

\[ \begin{aligned} g = \varphi_d(G) &= \varphi_d\bigl((x - T_{mL}(a, z)) \circ T_m(x, z^L) \circ (x + T_L(a, z))\bigr) \\ &= (x - \varphi_d(T_{mL}(a, z))) \circ \varphi_d(T_m(x, z^L)) \circ (x + \varphi_d(T_L(a, z))) \\ &= (x - T_{mL}(a, z)^{p^d}) \circ T_m(x, (z^L)^{p^d}) \circ (x + T_L(a, z)^{p^d}) \\ &= (x - T_n(a, z)) \circ T_m(x, z^\ell) \circ (x + T_\ell(a, z)), \\ h = x^{p^d} \circ H &= x^{p^d} \circ (x - T_L(a, z)) \circ T_L(x, z) \circ (x + a) \\ &= (x - T_\ell(a, z)) \circ T_\ell(x, z) \circ (x + a), \\ g^* = x^{p^d} \circ G^* &= x^{p^d} \circ (x - T_{Lm}(a, z)) \circ T_L(x, z^m) \circ (x + T_m(a, z)) \\ &= (x - T_n(a, z)) \circ x^{p^d} \circ T_L(x, z^m) \circ (x + T_m(a, z)) \\ &= (x - T_n(a, z)) \circ T_\ell(x, z^m) \circ (x + T_m(a, z)), \\ h^* &= (x - T_m(a, z)) \circ T_m(x, z) \circ (x + a), \\ f &= (x - T_n(a, z)) \circ T_n(x, z) \circ (x + a). \end{aligned} \]



11. c 



k = in 



follows from Theorem 4.9 (iii) for L > 2. If L = 1, then £ = p d and 
For any 



11. a 



f =(x- T n (a, z)) o T n (x, z) o (x + a) 



in 



ii.b) , we take w = T m (x,z p ). Then 



T n (x, z) = T m (x, z p ) o T p d(x, z) = w o x p 
f = (x — w(a e )) o w(x e ) o (x + a), 



which is an instance of (ii.a) 



□ 



If $p \nmid n$, then the case where $\gcd(\ell, m) \neq 1$ is reduced to the previous one by the following result of Tortrat (1988). We will only use the special case where $\ell = \ell^*$ and $m = m^*$.

Fact 4.41. Suppose we have a field $F$ of characteristic $p \geq 0$, integers $\ell, \ell^*, m, m^* \geq 2$ with $p \nmid \ell m$, monic original polynomials $g, h, g^*, h^* \in F[x]$ of degrees $m, \ell, \ell^*, m^*$, respectively, with $g \circ h = g^* \circ h^*$. Furthermore, let $i = \gcd(m, \ell^*)$ and $j = \gcd(\ell, m^*)$. Then the following hold.

(i) There exist monic original polynomials $u, v, \tilde g, \tilde h, \tilde g^*, \tilde h^* \in F[x]$ of degrees $i, j, m/i, \ell/j, \ell^*/i, m^*/j$, respectively, so that

(4.42)
\[ \begin{aligned} g &= u \circ \tilde g, & h &= \tilde h \circ v, \\ g^* &= u \circ \tilde g^*, & h^* &= \tilde h^* \circ v. \end{aligned} \]

(ii) Assume that $\ell = \ell^* < m = m^*$. Then $i = j$ and $m/i, \ell/i, \tilde f = \tilde g \circ \tilde h, \tilde g, \tilde h, \tilde g^*, \tilde h^*$ satisfy the assumptions of Theorem 4.9.

Proof. (i) Tortrat (1988) proves the claim if $F$ is algebraically closed, but without the condition of being monic original. Thus we have four decompositions (4.42) over an algebraic closure of $F$. We may choose all six components in (4.42) to be monic original. They are then uniquely determined. Since $p \nmid n$, decomposition is rational; see Schinzel (2000), 1.3, Theorem 6, and Kozen & Landau (1989) or von zur Gathen (1990a) for an algorithmic proof. It follows that the six components are in $F[x]$.

(ii) We have $\gcd(\ell/i, m/i) = 1$, and

\[ f = (u \circ \tilde g) \circ (\tilde h \circ v) = (u \circ \tilde g^*) \circ (\tilde h^* \circ v). \]

The uniqueness of tame decompositions (Fact 3.1(i)) implies that $\tilde g \circ \tilde h = \tilde g^* \circ \tilde h^*$. The other requirements are immediate. □

Tortrat's result, together with the preceding material, determines $D_{n,\ell} \cap D_{n,m}$ completely, if $p \nmid n = \ell m$.

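Corollary 4.43. Let $\mathbb{F}_q$ be a finite field of characteristic $p$, and let $m > \ell \geq 2$ be integers with $p \nmid n = \ell m$, $i = \gcd(\ell, m)$ and $s = \lfloor m/\ell \rfloor$. Let $t = \#(D_{n,\ell} \cap D_{n,m})$. Then the following hold.

(i)
\[ t = \begin{cases} q^{2\ell+s-1}(1 - q^{-1}) & \text{if } \ell \mid m, \\ q^{2i}(q^{s+1} + (1 - \delta_{\ell/i,2})(q^2 - q))(1 - q^{-1}) & \text{otherwise.} \end{cases} \]

(ii)
\[ t \leq 2q^{2\ell+s-1}(1 - q^{-1}). \]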
PROOF. (i) Let T = D n ^ fl D Ujm fl -D° consist of the monic original polynomials in the intersection, and similarly U = D n j i i^j i fl D ra /j2 m /j fl -Djwjz- Then



Fact 4.41 (ii)] implies that T = FfoUoP?, using Go# = {goh: g e G,h e H} 
for sets G,H C _F[x]. Furthermore, the composition maps involved are injec- 
tive. Thus 



#T = ) 2 • #[/ = 9 



v 2i-2 



If £\m, then £/i>2 and from Corollary 4.30(i) we have 

-2 



#17 



9 



1-9 



-■(g^ + (i-M(9 4 -<f))(i-<r 1 ) 



which implies the claim in this case. If £ \ m, then 
is inapplicable. Now 



1 and Corollary 4.30 



U = D m/ll n D 



which again shows the claim. 



m/£,m/i 
m/t-1 



- I s - 1 , 



pO 



.11 



We have q 2 < q s+ \ and if £ \ m, then 2i < £ < 2£ - 2. 



□ 



This result shows that there are more polynomials in the intersection when $\ell^2 \mid n$ than otherwise.

We now have determined the size of the intersection if either $p \nmid n$ or $\gcd(\ell, m) = 1$. It remains a challenge to do this with the same precision when both conditions are violated. The following approach yields a rougher estimate.

Theorem 4.44. Let $F$ be a field of characteristic $p \geq 2$, let $\ell, m, n \geq 2$ be integers with $p \mid n = \ell m$, and set $T = D_{n,\ell} \cap D_{n,m} \cap D_n^+$. Then the following hold.

(i) If $p \nmid \ell$, then for any monic original $f \in T$ there exist monic original $g^*$ and $h^*$ in $F[x]$ of degrees $\ell$ and $m$, respectively, with $f = g^* \circ h^*$, $(g^*)'(h^*)' \neq 0$, and $0 \leq \deg (h^*)' \leq m - \ell$.

(ii) If $p \mid \ell$, then for any monic original $f \in T$ there exist monic original $g$ and $h \in F[x]$ of degrees $m$ and $\ell$, respectively, with $f = g \circ h$ and $\deg g' \leq m - (m + 1)/\ell$.
Proof. We take a collision (4.7) and its derivative (4.36). Since $f \in D^+$, we have

(i) Since $p \mid m$, we have $\deg g' \le m - 2$, $(h^*)' \ne 0$, and $\deg (h^*)' \ge 0$, so that
$$n - m + \deg (h^*)' = (\ell - 1) \cdot m + \deg (h^*)' = \deg f' \le (m - 2) \cdot \ell + \ell - 1 = n - \ell - 1,$$
$$0 \le \deg (h^*)' < m - \ell.$$

(ii) We have $g'h' \ne 0$, $\deg (g^*)' \le \ell - 2$, $\deg h' \ge 0$, and
$$\ell \cdot \deg g' \le \ell \cdot \deg g' + \deg h' = \deg f' \le (\ell - 2) \cdot m + m - 1 = \ell m - m - 1,$$
$$\deg g' \le m - \frac{m + 1}{\ell}.$$ □



We deduce the following upper bounds on #T. 



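Corollary 4.45. Let $\mathbb{F}_q$ be a finite field of characteristic $p$, $\ell$ a prime number dividing $m > \ell$, assume that $p \mid n = \ell m$, and set $t = \#(D_{n,\ell} \cap D_{n,m} \cap D^+)$. Then the following hold.

(i) If $p \nmid \ell$, then
$$t \le q^{m+\lceil \ell/p \rceil}(1 - q^{-1}).$$

(ii) If $p \mid \ell$, we set $c = \lceil (m - \ell + 1)/\ell \rceil$. Then
$$t \le q^{m+\ell-c+\lceil c/p \rceil}(1 - q^{-1}).$$
If $\ell \mid m$, then $c = m/\ell$.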



Proof. (i) Any $h^*$ permitted in Theorem 4.44(i) has nonzero coefficients only at $x^i$ with $p \mid i$ or $i \le m - \ell$. Since $p \mid m$, the number of such $i$ is $m - \ell + \lceil \ell/p \rceil$. Taking into account that $h^*$ is monic, the number of $g^* \circ h^*$, composed on the left with a linear polynomial, is at most
$$q^2(1 - q^{-1}) \cdot q^{\ell-1} \cdot q^{m-\ell+\lceil \ell/p \rceil-1} = q^{m+\lceil \ell/p \rceil}(1 - q^{-1}).$$

(ii) The polynomials $g$ permitted in Theorem 4.44(ii) are monic of degree $m$ and satisfy
$$\deg g' \le m - \frac{m + 1}{\ell}, \qquad \deg g' \le m - 2.$$
Thus $p \mid m$, and $g$ has nonzero coefficients only at $x^i$ with $i \le m$ and $p \mid i$ or $1 \le i \le m - c$. The number of such $i$ is $m - c + \lceil c/p \rceil$. By composing with a linear polynomial on the left and by $h$ on the right and using that $g$ is monic, we find
$$t \le q^2(1 - q^{-1}) \cdot q^{m-c+\lceil c/p \rceil-1} \cdot q^{\ell-1} = q^{m+\ell-c+\lceil c/p \rceil}(1 - q^{-1}).$$
If $\ell \mid m$, then $c = m/\ell - 1 + \lceil 1/\ell \rceil = m/\ell$. □

For perspective, we also note the following lower bounds on $\#T$. Unlike the results up to Corollary 4.43, there is a substantial gap between the upper and lower bounds.

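Corollary 4.46. Let $\mathbb{F}_q$ be a finite field of characteristic $p$, $\ell$ a prime number dividing $m > \ell$, assume that $p \mid n = \ell m$, and set $t = \#(D_{n,\ell} \cap D_{n,m} \cap D^+)$. Then the following hold.

(i) If $p \ne \ell$ divides $m$ exactly $d \ge 1$ times, then
$$q^{2\ell+m/\ell-1}(1 - q^{-1})(1 - q^{-m/\ell})\Bigl(1 - q^{-1}\Bigl(1 + q^{-p+2}\frac{(1 - q^{-1})^2}{1 - q^{-p}}\Bigr)\Bigr) \le t$$
if $\ell \nmid p^d - 1$. Otherwise we set $\mu = \gcd(p^d - 1, \ell)$, $r^* = (p^d - 1)/\mu$ and have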
have 

1 — 

1 — g~' r * ~~ 

(ii) If $p = \ell$, $p \nmid m/p$, and $m$ has no prime divisor smaller than $p$, then



Proof. (i) For any monic original $g, w, h \in \mathbb{F}_q[x]$ of degrees $\ell$, $m/\ell$, $\ell$, respectively, we have $g \circ w \circ h \in D_{n,\ell} \cap D_{n,m} \cap D^0$. We now estimate the number of such compositions.

Since $\ell = \deg g$, Fact 3.1(i) implies that the composition map $(g, w \circ h) \mapsto g \circ w \circ h$ is injective. To estimate from below the number $N$ of $w \circ h$, we use Theorem 3.31 with $r = p^d$, $a = m/\ell p^d$, $k = m/\ell$, $\tilde{m} = \ell \ne r$, $\mu = \gcd(r - 1, \ell)$, and $r^* = (r - 1)/\mu$. (Here $\tilde{m}$ is the value called $m$ in Theorem 3.31, whose name conflicts with the present value of $m$.)

If $\mu = 1$, we obtain from Theorem 3.31(i)

N > g £+m /^ 2 (l - q~ m ' l )(l - q~\l + q 



P+2 1 



-1\2 



q~ 



-))• 



If $\mu \ne 1$, Theorem 3.31(ii) says that
N>q l+m ^- 2 ((l-q- l (l + q 



■p+2 



-1\2 



~ ))(l-?" m// ) 

l+^>- 2) )) : 



-m/£-r*+2 ' 



.-1^2, 



1-9 



1 - g-f 

-r*( M -l) 



1-g- 



where we have used the simplification of (3.44). (We note that Corollary 3.43 provides a simplified bound if $r^* \ge 2$ and $p > \mu$; when $p > \ell$, then these two inequalities hold unless $\ell = 2$ and $r = 3$.)

We compose these $w \circ h$ with $v \circ g$ on the left, where $v$ is linear and $g$ monic original of degree $\ell$. This gives the lower bound
$$q^{\ell+1}(1 - q^{-1})N$$
on $t$, as claimed.

Thus g has nonzero coefficients only at x l with p \ % or % < ap — a. It follows 
that 



t < q 



a-l+ap-(a-[a/p\) _ p-1 



q 



ap+p—a+ [a/p] —2 



(ii) Clearly, $t$ is at least the number of $v \circ g \circ w \circ h$ with $v$ linear and $g, w, h \in F[x]$ monic original of degrees $p$, $m/p$, $p$, respectively.

We first bound the number $t^*$ of $h^* = w \circ h$ with $h^*_{m-1} \ne 0$. We denote as $h_{p-1}$ the second highest coefficient of $h$. Then $h^*_{m-1} = m/p \cdot h_{p-1}$, and $h^*_{m-1}$ vanishes if and only if $h_{p-1}$ does. By Fact 3.1(i),



In 



t* 



q m/ P -l _ g -l) 



y p is injective, so that 

m/p+p-2q _ g" 1 ) 



We now consider $g \circ h^*$ as input to Algorithm 3.14. We have $r = p \ne m$ and $\mu = \gcd(p - 1, m) = 1$. In the proofs of Theorem 3.31(i) and Corollary 3.43(i), no special properties of $h$ are used, except (3.18). In the notation used there, we have $i \in N$ if and only if $p - 1 \mid (k - 1)m$. Now $k < p$ and $m$ has no divisors less than $p$, so that $i_0 \notin N$ and (3.18) holds vacuously for all $h$. Thus the lower bound also applies when we replace the number $q^{m-1}(1 - q^{-1})$ of all possible second components by $t^*$. Thus

,-l\2 qm/p+p-2^ _ 



t > q p+m (l - q- 1 )^ - q- p )(l - q-\l + q~ p+2 - 



q_ 

- q~ 



-)) 
$$= q^{2p+m/p-1}(1 - q^{-1})(1 - q^{-p})\Bigl(1 - q^{-1}\Bigl(1 + q^{-p+2}\frac{(1 - q^{-1})^2}{1 - q^{-p}}\Bigr)\Bigr)$$
$$= q^{2p+m/p-1}(1 - q^{-1})^2(1 - q^{-p+1}).$$ □

Example 4.47. We study the particular example $p = \ell = 2$ and $m = 6$, so that $n = 12$. Let $t_1 = t \cdot q^{-2}(1 - q^{-1})^{-1}$ denote the number of monic original polynomials in $D_{12,2} \cap D_{12,6} \cap D^+$. Then Corollary 4.45(ii) says that $t_1 \le q^5$. By coefficient comparison, we now find a better bound. Namely, we are looking for $g \circ h = g^* \circ h^*$ with $g, h, g^*, h^* \in \mathbb{F}_q[x]$ monic original of degrees 2, 6, 6, 2, respectively. (We have reversed the usual degrees of $g, h$ and $g^*, h^*$ for notational convenience.) We write $h = \sum_i h_i x^i$, and similarly for the other polynomials. Then we choose any $h_2, h_4, h_5 \in \mathbb{F}_q$, and either $g_1$ arbitrary and $h_1 = uh_5$, or $h_1$ arbitrary and $g_1 = h_5(h_1 + uh_5)$, where
u = h\ + h\hi + h 2 . Furthermore, we set h 3 = h\ and h\ = h$. Then the 
coefficients of $g^*$ are determined. If $g'(g^*)' \ne 0$, then the above constitute a collision, and by comparing coefficients, one finds that these are all. Their number is at most $2q^4$, so that $t_1 \le 2q^4$ and $t \le 2q^6(1 - q^{-1})$.

For an explicit description of g, we set u 2 = h i + h\. In the first case, where 
hi = uh 5 , we have 

g* = x 6 + u\x A + gxx 3 + {u 2 + u 2 g\)x 2 + g^ux. 

In the second case, we have 

g* = x 6 + u^x 4 + h§{hi + uh 5 )x 3 + [u 2 h\h^ + uh 2 )x 2 + hi(h\ + uh 5 )x. 

In both cases, g x = g' ^ implies that (g*)' ^ 0. 

Giesbrecht (1988), Theorem 3.8, shows that there exist polynomials of degree $n$ over a field of characteristic $p$ with super-polynomially many decompositions, namely at least $n^{\lambda \log n}$ many, where $\lambda = (6 \log p)^{-1}$.

5. Counting tame decomposable polynomials 

This section estimates the dimension and number of decomposable univariate polynomials. We start with the dimension of decomposables over an algebraically closed field. Over a finite field, Theorem 5.2 below provides a general upper bound on the number in (i), and an almost matching lower bound. The latter applies only to the tame case, where $p \nmid n$, and both bounds carry a relative error term. Lower bounds in the more difficult wild case are the subject of Section 6.

Giesbrecht (1988) was the first work on our counting problem. He proves (in his Section 1.G and translated to our notation) an upper bound of $d(n)q^{2+n/2}(1 - q^{-1})$ on the number of decomposable polynomials, where $d(n)$ is the number of divisors of $n$. This is mildly larger than our bound of about $2q^{\ell+n/\ell}(1 - q^{-1})$, in Theorem 5.2(i), with its dependence on $\ell$ replaced by the "worst case" $\ell = 2$, as in the Main Theorem (i). With the same replacement, Giesbrecht's thesis contains the upper bound in the following result, which is the geometric bound for our current problem.



Theorem 5.1. Let $F$ be an algebraically closed field, $n > 2$, and $\ell$ the smallest prime divisor of $n$. Then $D_n = \emptyset$ if $n$ is prime, and otherwise
$$\dim D_n = \ell + n/\ell.$$

Proof. We may assume that $n$ is composite. By Fact 3.1, the fibers of $\gamma_{n,\ell}$ are finite, and hence
$$\dim D_n \ge \dim D_{n,\ell} = \dim(P_\ell^{=} \times P^0_{n/\ell}) = \ell + n/\ell.$$
Now $D_{n,n/\ell}$ has the same dimension, and $D_{n,e}$ has smaller dimension for all other divisors $e$ of $n$. □



The argument for Corollary 4.30(i) shows that if $n$ is composite, $p \nmid n$, and $\ell^2 \nmid n$, then $\dim(D_{n,\ell} \cap D_{n,n/\ell}) \le \lfloor n/\ell^2 \rfloor + 3 < \ell + n/\ell$. Thus $\gamma_{n,\ell}$ and $\gamma_{n,n/\ell}$ describe two different irreducible components of $D_n$, both of dimension $\ell + n/\ell$.

Zannier (2008) studies a different but related question, namely compositions $f = g \circ h$ in $\mathbb{C}[x]$ with a sparse polynomial $f$, having $t$ terms. The degree is not bounded. He gives bounds, depending only on $t$, on the degree of $g$ and the number of terms in $h$. Furthermore, he gives a parametrization of all such $f$, $g$, $h$ in terms of varieties (for the coefficients) and lattices (for the exponents).

We now present a generally valid upper bound on the number of decomposables and a lower bound in the tame case $p \nmid n$.



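Theorem 5.2. Let $\mathbb{F}_q$ be a field of characteristic $p$ and with $q$ elements, and $n > 2$. Let $\ell$ and $\ell_2$ be the smallest and second smallest nontrivial divisors of $n$, respectively (with $\ell_2 = 1$ if $n = \ell$ or $n = \ell^2$), $s = \lfloor n/\ell^2 \rfloor$, and
$$\alpha_n = \begin{cases} 0 & \text{if } n = \ell, \\ q^{2\ell}(1 - q^{-1}) & \text{if } n = \ell^2, \\ 2q^{\ell+n/\ell}(1 - q^{-1}) & \text{otherwise,} \end{cases}$$
$$c = \frac{(n - \ell\ell_2)(\ell_2 - \ell)}{\ell\ell_2},$$
$$\beta_n = \begin{cases} 0 & \text{if } n \in \{\ell, \ell^2, \ell^3, \ell\ell_2\}, \\ \dfrac{q^{-c}}{1 - q^{-1}} & \text{otherwise,} \end{cases}$$

(5.4) $\beta_n^* = q^{-\ell-n/\ell+s+3}$,

(5.5) $$t = \begin{cases} 0 & \text{if } n \in \{\ell, \ell^2\}, \\ \#(D_{n,\ell} \cap D_{n,n/\ell}) & \text{otherwise.} \end{cases}$$

Then the following hold.

(i) $\#D_n \le \alpha_n(1 + \beta_n)$. If $n \notin \{\ell^2, \ell^3\}$, then $\#D_n \le \alpha_n(1 - \alpha_n^{-1}t + \beta_n)$.
(ii) $\#I_n \ge \#P_n^{=} - 2\alpha_n$.
(iii) If $p \nmid n$ and $\ell^2 \nmid n$, then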

a n (l - < a n (l - ft) < #D n < a B (l - § + A.)- 

(iv) If $p \nmid n$, then

a n (l - < #jDn < an (i _ S + /?„) . 

(v) If $p \ne \ell$, then $\#D_{\ell^2} = \alpha_{\ell^2}$ and $\#D_{\ell^3} = \alpha_{\ell^3}(1 - q^{-(\ell-1)^2}/2)$.
(vi) If $p \nmid n \ne \ell^2$ and $n/\ell$ is prime, then
$$\#D_n = \alpha_n\Bigl(1 - \tfrac{1}{2} q^{-n/\ell-\ell+3}(q^s + (1 - \delta_{\ell,2})(q - 1))\Bigr).$$

Proof. When $n = \ell$ is prime, then $D_n = \emptyset$ and all claims are clear (reading $\alpha_n^{-1}t$ as 0). We may now assume that $n$ is composite.

(i) The claim for $n \in \{\ell^2, \ell^3\}$ follows from (v), and we now exclude these cases. We write $u(e) = e + n/e$ for the exponent in Fact 3.1(i). We have the two largest subsets $D_{n,\ell}$ and $D_{n,n/\ell}$ of $D_n$, both of size at most

(5.6) ^ = q<\l - q- 1 ) = q^'%1 - q' 1 ) = #(Pf X P° /£ ) = #(P n > X P°). 

Their joint contribution to $\#D_n$ is at most

(5.7) $\alpha_n - t$.

Since $n$ is not $\ell$ or $\ell^2$, we have $\ell < \ell_2 \le n/\ell$, and $\ell_2$ is either $\ell^2$ or a prime number larger than $\ell$. The index set $E$ in (2.4) consists of all proper divisors of $n$. If $n = \ell\ell_2$, then $E = \{\ell, \ell_2\}$, and from (5.7) we have
$$\#D_n \le \alpha_n - t.$$

We may now assume that $n \ne \ell\ell_2$. For any $e \in E$, we have $u(e) = e + n/e = u(n/e)$. Furthermore

(5.8) $u(e) - u(e') = \dfrac{(n - ee')(e' - e)}{ee'}$

holds for $e, e' \in E$, and in particular

(5.9) $u(\ell) - u(\ell_2) = (n - \ell\ell_2)(\ell_2 - \ell)/\ell\ell_2 = c$.

Considered as a function of a real variable $e$, $u$ is convex on the interval $[1..n]$, since $d^2u/de^2 = 2n/e^3 > 0$. Thus $u(\ell) - u(e) \ge c$ for all $e \in E_2 = E \setminus \{\ell, n/\ell\}$. Then



$$\sum_{e \in E_2} q^{u(e)-u(\ell)} = q^{-c} \sum_{e \in E_2} q^{u(e)-u(\ell)+c} < 2q^{-c} \sum_{i \ge 0} q^{-i} = \frac{2q^{-c}}{1 - q^{-1}},$$
since each value $u(e)$ is assumed at most twice, namely for $e$ and $n/e$, according to (5.8). Using (5.7), it follows for $n \ne \ell^2$ that

(5.10) 



<g^(l-g- 1 )(2+^g u ( e )-"W) 



2<f 



< g^(l - q-^2 + = a n (l + (3 n ). 

1 — q 1 
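This implies the claim in (i).

(ii) follows from $\beta_n \le 1$.

For (iii), we have $D_{n,\ell} \cup D_{n,n/\ell} \subseteq D_n$. Since $p \nmid n$, both $\gamma_{n,\ell}$ and $\gamma_{n,n/\ell}$ are injective, by Fact 3.1(i). From Corollary 4.30(i), we find
$$\#D_n \ge \#D_{n,\ell} + \#D_{n,n/\ell} - \#(D_{n,\ell} \cap D_{n,n/\ell})$$
$$\ge 2q^{\ell+n/\ell}(1 - q^{-1}) - (q^{s+3} + q^4)(1 - q^{-1})$$
$$= \alpha_n\Bigl(1 - \frac{q^{s+3} + q^4}{2q^{\ell+n/\ell}}\Bigr) \ge \alpha_n\Bigl(1 - \frac{q^{s+3}}{q^{\ell+n/\ell}}\Bigr) = \alpha_n(1 - \beta_n^*),$$
$$\#D_n \le \alpha_n(1 - \alpha_n^{-1}t + \beta_n) \le \alpha_n\Bigl(1 - \frac{q^{s+3}}{2q^{\ell+n/\ell}} + \beta_n\Bigr) = \alpha_n\Bigl(1 - \frac{\beta_n^*}{2} + \beta_n\Bigr).$$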

Furthermore, we have $1 \le s \le n/\ell^2$ (since $n$ is composite), $s + 3 \ge 4$, $\ell \ge 2$, and hence
$$-\ell - \frac{n}{\ell} + s + 3 \le -\frac{n}{\ell} + \ell + s - 1.$$
It follows that

(iv) For the lower bound if $\ell^2 \mid n$, we replace the upper bound from Corollary 4.30(i) by the one from Corollary 4.43(ii).

In (v), for $n = \ell^2$, we have $D_n = D_{n,\ell}$ and



a, 



using the injectivity of $\gamma_{\ell^2,\ell}$ (Fact 3.1(i)). When $n = \ell^3$, then Corollary 4.43 says that



t = q M -\l-q 
t 



#D e a =a e s(l- 



aJl - 



Q 



This shows (v). For (vi), we replace the bound on $\#(D_{n,\ell} \cap D_{n,n/\ell})$ by its exact value from Corollary 4.30(i). □

Bodin et al. (2009) state an upper bound as in Theorem 5.2(i), with an error term which is only $O(n)$ worse than $\beta_n$.
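The quantity $\alpha_n$ of Theorem 5.2 can be compared with exhaustive counts for small parameters. The following Python sketch is an added example, not code from the paper: it assumes $q = p$ is prime (so coefficients are integers mod $p$), uses that every decomposable polynomial is $v \circ g \circ h$ with $v$ linear and $g, h$ monic original, and compares the result with the prime-field rows of Table 6.3 as transcribed in `TABLE_6_3`.

```python
"""Exhaustive count of decomposable polynomials of degree n over F_p.

Added illustration; assumes q = p is prime, so coefficients are ints mod p.
Polynomials are coefficient tuples, constant term first.
"""
from itertools import product

# (q, n, #D_n, alpha_n): prime-field rows transcribed from Table 6.3.
TABLE_6_3 = [(2, 4, 6, 8), (2, 8, 36, 64), (2, 12, 236, 256),
             (2, 16, 762, 1024), (3, 9, 414, 486)]


def smallest_prime_divisor(n):
    d = 2
    while d * d <= n:
        if n % d == 0:
            return d
        d += 1
    return n


def alpha(q, n):
    """alpha_n from Theorem 5.2, written with integer arithmetic."""
    ell = smallest_prime_divisor(n)
    if n == ell:
        return 0
    if n == ell * ell:
        return q ** (2 * ell - 1) * (q - 1)         # q^(2l) (1 - 1/q)
    return 2 * q ** (ell + n // ell - 1) * (q - 1)  # 2 q^(l+n/l) (1 - 1/q)


def poly_mul(a, b, p):
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        if x:
            for j, y in enumerate(b):
                out[i + j] = (out[i + j] + x * y) % p
    return out


def compose(g, h, p):
    """Return g(h(x)) over F_p, evaluated by Horner's rule."""
    result = [g[-1] % p]
    for coeff in reversed(g[:-1]):
        result = poly_mul(result, h, p)
        result[0] = (result[0] + coeff) % p
    return tuple(result)


def monic_original(deg, p):
    """All monic polynomials of the given degree with zero constant term."""
    for middle in product(range(p), repeat=deg - 1):
        yield (0,) + middle + (1,)


def count_decomposable(p, n):
    """#D_n over F_p: distinct g o h (g, h monic original, both of degree
    at least 2), times the p(p-1) linear polynomials composed on the left."""
    seen = set()
    for e in range(2, n):
        if n % e:
            continue
        for g in monic_original(e, p):
            for h in monic_original(n // e, p):
                seen.add(compose(g, h, p))
    return p * (p - 1) * len(seen)


def compare_with_table():
    """Return (q, n, counted, alpha_n, agrees_with_table) per transcribed row."""
    rows = []
    for q, n, d_tab, a_tab in TABLE_6_3:
        counted = count_decomposable(q, n)
        a = alpha(q, n)
        rows.append((q, n, counted, a, counted == d_tab and a == a_tab))
    return rows


if __name__ == "__main__":
    for q, n, counted, a, ok in compare_with_table():
        print(f"q={q} n={n}: #D_n={counted} alpha_n={a} "
              f"ratio={counted / a:.4f} agrees_with_table={ok}")
```

The wild cases $(q, n) = (2, 4)$ and $(3, 9)$ show the count falling below $\alpha_n$ because the composition map is no longer injective when $p$ divides the degree of the left component.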
Remark 5.11. How often does it happen that the smallest prime factor $\ell$ of $n$ actually divides $n$ at least twice? The answer: almost a third of the time. For a prime $\ell$, let
$$S_\ell = \{n \in \mathbb{N} : \ell^2 \mid n,\ \forall \text{ primes } r < \ell \colon r \nmid n\},$$
so that $\bigcup_\ell S_\ell$ is the set in question. The union is disjoint, and its density is
$$\sigma = \sum_\ell \frac{1}{\ell^2} \prod_{r < \ell} \Bigl(1 - \frac{1}{r}\Bigr) \approx 0.330098.$$

If we take a prime $p$ and further ask that $p \nmid n$, then we have the density

^-illO-^IK 1 -;)- 

r<p F l<-p r<£ 

The correction terms $\sigma - \sigma_p$ are $\approx 0.25$, $0.13889$, $0.07444$ for $p = 2, 3, 5$, respectively.

The upper and lower bounds in Theorem 5.2(i) and (iii) have distinct relative error estimates. We now compare the two.

Proposition 5.12. In the notation of Theorem 5.2, assume that $n \ne \ell, \ell^2, \ell\ell_2$.

(i) If $\ell_2 \le \ell^2$, then $\beta_n > \beta_n^*$. If furthermore $\ell^2 \nmid n$ and $p \nmid n$, then
$$|\#D_n - \alpha_n| \le \alpha_n \beta_n.$$

(ii) If $\ell_2 \ge \ell^2 + \ell$, then $\beta_n < \beta_n^*$. If furthermore $\ell^2 \nmid n$ and $p \nmid n$, then
$$|\#D_n - \alpha_n| \le \alpha_n \beta_n^*.$$

Proof. We let $\mu = -\log_q(1 - q^{-1})$ and $\sigma = n/\ell^2 - s$, so that $0 < \mu \le 1$, $0 \le \sigma \le 1 - 1/\ell < 1$, and
$$\beta_n = q^{-c+\mu}, \qquad \beta_n^* = q^{-\ell-n/\ell+n/\ell^2-\sigma+3}.$$
Furthermore,

77 77 

/3n < /3; ^ lh(t + 7 - T2 + a + fi - 3) < (n - ££ 2 ) (£ 2 - £) 
(5.13) 1 1 n 

^££ 2 (£ 2 + a + p-3)<-(£ 2 -£ 2 ). 
We note that $\ell^2 > \ell^2 + \sigma + \mu - 3 > 0$. If $\ell_2 \le \ell^2$, it follows that $\beta_n > \beta_n^*$. If $\ell_2 \ge \ell^2 + \ell$, then $a = n/\ell\ell_2$ is a proper divisor of $n$, since $n \ne \ell\ell_2$. It follows that $a \ge \ell_2$, since $a = \ell$ would mean that $\ell^2$ is a divisor of $n$ with $\ell < \ell^2 < \ell_2$, contradicting the minimality of $\ell_2$. Then

77 

-Mi -£ 2 )>£\-£> ££ 2 (£ 2 + a + n-3), 



and $\beta_n < \beta_n^*$.

The claims about $\#D_n$ follow from Theorem 5.2. □

There remains the "gray area" of $\ell^2 < \ell_2 < \ell^2 + \ell$, where (5.13) has to be evaluated. The three equivalent properties in (5.13) hold when $n$ has at least four prime factors, and do not hold when $n = \ell\ell_2$.

We can simplify the bounds of Theorem 5.2 at the price of a slightly larger relative error.

Corollary 5.14. We assume the notation of Theorem 5.2.

(i) If $n$ is prime, then $D_n = \emptyset$.

(ii) For all $n$, we have

(5.15) $\#D_n \le \alpha_n(1 + q^{-n/3\ell^2})$.

(iii) If $p \nmid n$, then
$$|\#D_n - \alpha_n| \le \alpha_n \cdot q^{-n/3\ell^2}.$$

Proof. 
that P n < q 



follows from Theorem 5.2(1) 

n/3£ 2 



0. For 



11 



we claim 



The cases where n G 
assume that a = n/££ 2 > 2. We set ji = 

Pn = q~ c+ ^. 
We have 

3£ 3 + 3£ 
U-2 

U 2 + U 



since a n 

, £ 2 , ££ 2 } are trivial, and we may now 
_1 ), so that < ji < 1 and 



log 9 (l 



> 



3£ 2 



If 

(5.16) 
then £ 2 

(5.17) 



> 



3£-2 



3£ 



5 

+ 3 + 



10 



9£-6' 



£ 2 /3£ > and 
a(£ 2 - 



3£ 



)>2(£ 2 -£-^)> 



+ 1, 



n 



(a-l)(4-Q-l>^ = 3 ? , 






from which the claim follows. (5.16) is satisfied except when $(\ell, \ell_2)$ is $(2, 3)$, $(2, 4)$ or $(3, 5)$. In the first case, (5.17) is satisfied for $a \ge 4$, and in the other two for $a \ge 3$. The latter always holds in the case $(3, 5)$, and we are left with $n \in \{12, 16, 18\}$. For these values of $n$, we use a direct bound on the sum in (5.10), namely
$$\sum_{e \in E_2} q^{u(e)-u(\ell)} \le \#E_2 \cdot q^{-c} = 2\varepsilon q^{-c},$$
where $\varepsilon = \#E_2/2$, so that
$$\#D_n \le \alpha_n(1 + \varepsilon q^{-c}) - t.$$
The required values are given in Table 5.1. In all cases, we conclude from Theorem 5.2(i) that $\#D_n \le \alpha_n(1 + q^{-n/3\ell^2})$.

$n$                12     16     18
$\varepsilon$      1      1/2    1
$c$                1      2      2
$n/3\ell^2$        1      4/3    3/2

Table 5.1: Parameters for three values of $n$.
(iii) Our claim is that $q^{-n/\ell+\ell+s-1} \le q^{-n/3\ell^2}$. Since $n \ge \ell^2$, we have
$$\ell^2(3\ell - 3) \le \ell^2(3\ell - 2) \le n(3\ell - 2),$$
$$2n + 3\ell^3 \le 3\ell n + 3\ell^2,$$
n n „ n 2n „ n 



This proves the claim, and (iii) follows from (ii) and Theorem 5.2.



□ 



6. Counting general decomposable polynomials 



Theorem 5.2 provides a satisfactory result in the tame case, where $p \nmid n$. Most of the preparatory work in Sections 3 and 4 is geared towards the wild case. The upper bound of Theorem 5.2(i) still holds. We now present the resulting lower bounds.

We have to deal with an annoyingly large jungle of case distinctions. To keep an overview, we reduce it to the single tree of Figure 6.1. Its branches correspond to the various bounds on equal-degree collisions (Corollary 3.43) and on distinct-degree collisions (Corollary 4.30, Corollary 4.43 and Corollary 4.45). Since at each internal vertex, the two branches are complementary, the leaves cover all possibilities. We use a top down numbering of the vertices according to the branches; as an example, II.B.ii.b.β is the rightmost leaf at the lowest level. Furthermore, if a branching is left out, as in II.B, then a bound at that vertex holds for all descendants, which comprise three internal vertices and five leaves in this example.

Figure 6.1: The tree of case distinctions for estimating $\#D_n$.

Theorem 6.1. Let $\mathbb{F}_q$ be a finite field of characteristic $p$ with $q$ elements, and $\ell$ the smallest prime divisor of the composite integer $n > 2$. Then we have the following bounds on $\#D_n$ over $\mathbb{F}_q$.

(i) If the "upper" column in Table 6.1 contains a 1, then
leaf in




up- 


Figure 6.1 


lower bound on #D n /a n 


per 


LA 


1 


1 


LB 


1(1 + -!_)(! - r 2) +(r >> 1/2 


1 


II.A.i 
II.A.ii 


1 _ p* > 1 _ q -n/e-£+n/e*+3 

I — q-n/e+e+n/e 2 -i ^ 




II.B.i.a 

II.B.i.b 

II.B.ii.a 

II.B.ii.b.a 

ILB.ii.b./3 


I _ fq-i _)_ g -p+i + q -n/e-e+n/e 2 +3^ / 2 

l_(g-l_ g -p)/ 2 

1 - (g- 1 + - q- p + q~ e+1 ) /2 

ia+ 1 g- 1 «~ a n + 1 ) q ~ p+1 ) 

1 - q- 1 - q- p+1 


1 
1 



Table 6.1: The bounds at the leaves of Figure 6.1.

(ii) The lower bounds in Table 6.1 hold.

Proof. We recall $D_{n,e}$ from (2.3) and $\alpha_n$ from (5.3), the superscript $+$ for non-Frobenius from (3.5), and set at each vertex



ii n. 



,n/£ 



V-2 



a,. 



"3 



a,. 



Ot n Ot n OL n 

Then $\nu = \nu_0 + \nu_3$ if $n = \ell^2$, and otherwise

(6.2) $\nu_0 + \nu_1 - \nu_2 + \nu_3 \le \nu \le 1 + \beta_n - \nu_2 - \nu_3$.

In the lower bound, $\nu_0 + \nu_1 - \nu_2$ counts the non-Frobenius compositions of the dominant contributions $D_{n,\ell}$ and $D_{n,n/\ell}$, and $\nu_3$ adds the Frobenius compositions. In the upper bound, $1 - \nu_2$ bounds the two dominant contributions from above, $\beta_n$ accounts for the non-dominant contributions. We may subtract $\nu_3$ since the Frobenius compositions have been counted twice, in $D_{n,p}$ and $D_{n,n/p}$; of course, $\nu_3$ is nonzero only if $p \mid n$.

The proof proceeds in two stages. In the first one, we indicate for some vertices $V$ bounds $\lambda_i(V)$ with the following properties:
$$\nu_0 \ge \lambda_0, \quad \nu_1 \ge \lambda_1, \quad \lambda_2 \ge \nu_2 \ge \lambda_4.$$
Such a bound at $V$ applies to all descendants of $V$. The value $\lambda_4$ only intervenes in the upper bound on $\nu$, and we sometimes forego its detailed calculation and simply use $\lambda_4 = 0$. In the second stage, we assemble those bounds for each leaf, according to (6.2).

Throughout the proof, $d \ge 0$ denotes the multiplicity of $p$ in $n$, and $s = \lfloor n/\ell^2 \rfloor$. In the first stage, we use Theorem 5.2(v) at I.A:
$$\nu(\text{I.A}) = 1.$$

At I.B, we have from Example 3.45



A (LB)>i(l + ^ T )(l-g- 2 )+g^. 



Furthermore, 



(i + - > (i + ^T^ 1 - = l + V —^ 

p + 1 p + 1 p 



> 1, 



so that Ao(LB) > 1/2. Lemma 4.32(ii) says that 

A 3 (LB) = q- p+1 . 



From Fact 3.1(i), we have 



and since p \ n, 



Ao(II.A) = Ai(II.A) = -, 



^(II.A) = 0. 



Vertex II. A. i has been dealt with in Corollary 4.30(i) 

A 2 (II.A.i)=/3:>ig-^-V +3 + 9 4 ), 
A 4 (ILA.i) = ± q -n/i-t+s+3_ 



Since £ \ n/l , |Corollary 4.43] yields 



A 2 (II.A.ii) = A 4 (ILA.ii) = - q -"/t+t+s-\ 



Since p \ n at II. B, Lemma 4.32(ii) implies that 



Z/ 3 (II.B) = i g -W<+n/P+l. 

2 
We now let V be one of II.B.i.a or II.B.ii.a. Then we have



by Fact 3.1 (i) Applying |Corollary 3.43| to D n<n /i at V, we have d >l,r = p d ^ 
£ — m, k — n/£, and 

(6.3) /i = gcd(p d — 1,£) is either 1 or £. 

In the first case, where /i = 1, we have 

"~ n2 ))(l-T n/ 



from Corollary 3.43(i) In the second case, where fj, — £,we have p > £ = fi > 2. 
We first assume that r ^ 3. Then r — 1 = p d — 1 is not a prime number, and 
r* = (r — l)/£ > 2, so that the last bound in Corollary 3.43 (ii) applies and 



MV) > ~ ((i - q -\i + ^ p+2 ^3^r )) (! - ^ n/£ ) - ^^(i - ^ f 



If r = 3, then p = 3, /i 



9" 

2, r* = 1, and according to the second bound in 



Corollary 3.43(h), we have to replace the last summand above by 



-~?- n/m (i-<r 1 ) 2 (i + <r 1 )- 

Since 2/3 < q(l + q~ 1 )/2, the latter term dominates in absolute value the one 
for r ^ 3. Its value is at least g~ n//£+1 /2, and we find for ft = £ that 

^i(m^-^(i+<r p+2 (i-<r 1 )) 



Q 



-n/e 



-1\2 



2 

1 q- 1 



l-q-i-q-P ^ 1 q ~ > + q ) 
H H l-q-P H > 

q-p q- n l\q + 1) 



> - - —(1 + q- p+2 ) + 
~ 2 2 V ^ ; 2 



Thus we may take the last value as Ai (II.B.i.a) and Ai (II.B.ii.a). Furthermore, 



Corollary 4.30(iii) yields 



A 2 (II.B.i.a) = V n/ '~V +3 - q lsM+3 ) 
When $V$ is II.B.i.b or II.B.ii.b, we have for $\lambda_0$ in the notation of Corollary 3.43 that $k = r = p \ne n/p = m$ and $\mu = \gcd(p - 1, n/p) = 1$, since all proper divisors of $n/p$ are at least $\ell = p$. Thus we may apply Corollary 3.43(i) to find



-(1-q- 1 -q- p+1 + q- p )- 



At II.B.i.b, we have p\n/p, so that Fact 3.1 (i) for D n>n / p implies 

Ai(II.B.i.b) = -, 



and Corollary 4.30(ii) yields 

A 2 (II.B.i.b) = A 4 (II.B.i.b) = 0. 



At II.B.ii.a, we have i < p, and Corollary 4.45(i) says that 



A 2 (II.B.ii.a) = tq-e+WPl 



-l+l 



At II.B.ii.b. a, we have k = n/p and r = p = z = m m Corollary 3.43(iii) 
for D n ^ n / p , so that 

1 11+ rr l rr 1 

Ai(II.B.ii.b.a) = -(1 - q^M- + — + — 
v ' 2 V H A 2 2p + 2 2 



q 



-n/p 



1-q 



-p+i 



1 - g-P 



q 



-p+1 1 - g 

1-q- 



-i 



Furthermore, from Corollary 4.45 (ii) we have 



A 2 (II.B.ii.b) = l q ~ n /P 2 +WP 3 \ 

At II.B.ii.b./?, we have for D n ^ n / P that k = n/p, r = p d ~ x ^ p = m, since d > 3, 
and n = gcd(r — l,m) = gcd(p d_1 — = 1, so that Corollary 3.43(i) yields 

A^n.B.ii.b./?) = i(i - g-^i + ^ p+2 ^^r))(i - <T n/p ) 

(1 - ^(l - - 
~ 2(1 -g-f) • 
Corollary 4.46(ii) says that



A 4 (II.B.ii.b.«) = Ig-n/p+p+n/p*-!^ _ _ q - P+ ly 

We find the following bounds on v at the leaves. 
LA: 

v = Ao(I.A) = 1, 

LB: We have As(I.B) = q~ p+1 , and all Frobenius compositions except x p ox p 
are collisions. Thus 

1 _ g -P+l(l _ g-lH-l) > „ > l(l + 1 ) (1 _ g -2) + > l/2 . 

2 p+l 

II.A.i: 

f < 1 + n ~ A 4 (ILA.i) = 1 + p n - l q -n/e-t+s+3 < 1+ p ny 
v > Ao(II.A) + Ai(II.A) - A 2 (II.A.i) = 1 - /?*. 

II.A.ii: 

I> < 1 + & - A 4 (ILA.ii) =l + /3 n - \ q -nlM+nie-X < 1 + ^ 

1/ > Ao(II.A) + Ai(II.A) - A 2 (II.A.ii) 

_ 1 i 1 _ 1 -n/W+s-l _ ^ _ \ -n/e+t+8-1 

2 2 2 y 2 y 

II.B.i.a: 

For the lower bound, we find 

v > Ao(II.B.i.a) + Ai (II.B.i.a) - A 2 (II.B.i.a) + z/ 3 (II.B) 

= ~ + ~(1 - + <T P+2 ) + Q~ P ~ T n/ % + 1)) 

_ - q - n / i -^ q s + 3 - gL«/Pj+3) + l g -€-n/£+n/p+l 

(6.4) > 1 - \{q^ + g^ 1 ) + *1 - q -^(q + 1 + g^+ 3 - q^^). 

At the present leaf, we have n = a£p with p > £ > 2 and a > 1. Thus 
n/£ >p and 
Furthermore, $n/p \ge \ell$ and



q 



n/p-i+l > 



It follows that 
(6.5) 

II.B.i.b: 



f < 1 + Pn - A 4 (II.B.i.b) - u 3 (ll.B) = 1 + fa - 



-p+1 



We claim that /3 n < |g~ p+1 j so that v < 1. We may assume that n ^ 
{£ 2 ,£^2}, since otherwise /5 n = 0. Setting /i = log (2/(1 — g -1 )), we have 
< yU < 2 and 2(3 n = q~ c+ ^ < q~ c+2 , so that it suffices to show 

(n- ££ 2 )(£ 2 - £) 
£-l=p-l<c-2= ± '- - 2. 



(6.6) 



Abbreviating a = n/££ 2 , this is equivalent to 

£ + 1 



+ 1 < a. 



Since p = £ and p 2 \ n, we have £ \ a and a > £ 2 > £, by the minimality 
conditions on £ and 4- If 4 > I + 2, ffgjgjl holds. If £ 2 = £ + 1, then £ = 2 and 



a > 4 is required for (6.6) Since 2 { a, it remains the case a = 3, corresponding 



to n = 18 and p = 2. One checks that /3 18 < ^g for g > 4. For g = 2, we 



have to go back to (5.10) and check that v 3 = g 10 (l — q x ) and 



#£> 18 < ais - ^ 3 + 2g 9 (l - g x ) = «i 8 . 



For the lower bound, we have 



v > Ao(II.B.i.b) + Ai (II.B.i.b) - A 2 (II.B.i.b) + i/ 3 (II.B) 
= \{l ~ q- 1 ~ q- p+1 + q- p ) + \~® + \<l~ P+l 
At II.B.ii.a, we have



v > A (II.B.ii.a) + A x (II.B.ii.a) - A 2 (II.B.ii.a) + i/ 3 (lI.B) 



1 1 Q 

= - H — (1 + q 

2 2 2 v H 



+ 



g -P q- n / e (q + 1) 



= l-i(^ 1 + ^ P+1 ) + ^77- 



+ 



"(9 



n/p-t+l 



2 W J ' 2 2 2 
Since n = a£ 2 p with a > 1, we have n/p > £ 2 > t + 1, and 



q-l). 



n/p-i+l 



>q 2 >q+l, 



v>\- -(q- 1 + q~ p+l - q- v + q~ i+1 ). 



II.B.ii.b.a: 



z/ > Ao(II.B.ii.b) + Ai(II.B.ii.b.a) - A 2 (II.B.ii.b) + i/ 3 (II.B) 

= ^(i - q- 1 - q~ p+1 + q~ p ) + \(i - T 1 )^ + 



-IN /l 1+9 _1 ^ 



2p + 2 



1 _ a -P+i 



(6.7) 



9 



_ „ «ri>t 1 _ n ~P+l l 1 \ _ i ~n/p 2 + \n/p 3 ] + ± q -p+l 



l-q-P q I- q-v' 2 
1,3 1 -- 2 



2 V 2 2p + 2 H 2 V p+V l-q-P 



_ -n/p 2 +rn/p3] _ n/p l 1 -? ^(l-g P+1 ) \ 

l-q-P >' 



We have n = ap 2 with a > p and all prime divisors of a larger than p. If 
p > 3, then a > p + 2 and 



a >p + 2 > p+ 1 + 



a > p + -, 
p 



1 



p — 1 p — 1 ' 



a > p + 



(6.8) 



~P > ^-n/p 2 +[n/p 3 
We may now assume that p = 2. If a > 5, then



and 
and 



(6.8) 



(6.8) 



a a 

a = - > 2 = p, 

2 2 - y% 

again holds. In the remaining case p = 2 and a = 3, we have n = 12 
is false. Furthermore, we have p < n/p and 



-n/p( 1 -<? ^(l-?" 



•p+1^ 



9 



1 - q- p 1 - <r p 

- p+1 (l - g" 1 ) 2 = <T P+1 - (2 - g^ 1 )^ > <T P+1 - 2q- p , 



so that for n ^ 12 the following holds: 



1 ,3 
zy > -(- + 



2 V 2 2p + 2 



1 1 



-p+i 



p + 1 1 - g-P 



)• 



For n = 12, we have calculated in |Example 4.47| that A 2 (II.B.ii.b) = tjoLyi < 
q~ 2 = q~ p , and we may use this to the same cancellation effect as (6.8) , so that 
the last inequality also holds for n — 12. 

II.B.ii.b./?: 

v > Ao(II.B.ii.b) + Ai(II.B.ii.b./3) - A 2 (II.B.ii.b) + i/ 3 (II.B) 



(l-q-'-q- 



■p+i 



+ <T P ) + 



1 (1 - q- 1 )^ - q- p+1 )(l - q- n ' p ) 



_ I„-ri/p 2 +[n/p 3 ] , l„-p+l 

2 y 2^ 



(6.9) 



1-9 



-i 9 



-p+i 



9" 



2 1 - q-P 2 



2(1 - g-P) 



:9 



— n/p 2 +n/p 3 



Since n> p 3 , we have 
n/p > p 2 > p, 



q p > q 



-n/p 
3/ 



n(p — 1) > p (p — 1), 
n n 

-P+I > 27 + ^, 

P^ p J 



(6.10) 



^ > 1 — q 



-1 * „-n 



- Q - n lv +™/P > 1 — 

2 y y 



□ 
Except at I.B and II.B.ii.b.α, the lower bounds are of the satisfactory form $1 - O(q^{-1})$. The leaf I.B is discussed in Example 3.45. For small values of $q$, the entry in Table 6.1 at II.B.ii.b.α provides the lower bounds in Table 6.2.

$\#D_n/\alpha_n >$

1/6 > 0.1666
259/468 > 0.5534
133/240 > 0.5541
106091/156200 > 0.6791
56824055/80707116 > 0.7040
2831/4032 > 0.7021
88087/117936 > 0.7469

Table 6.2: Lower bounds at the leaf II.B.ii.b.α, where $p^2 \parallel n \ne p^2$.

The multitude of bounds, driven by the estimates of Section 3 and Section 4, is quite confusing. The Main Theorem in the introduction provides simple and universally applicable estimates. Before we come to its proof, we note that for special values, in particular for small ones, of our parameters one may find better bounds in other parts of this paper.



Proof (Main Theorem). (i) follows from $2 \le \ell \le \sqrt{n}$. The first upper bound on $\#D_n$ in (ii) follows from Corollary 5.14(ii). It remains to deduce the lower bounds. Starting with the last claim, we note that (v) is Corollary 5.14(iii). In the assumption of (iv), the leaves I.B and II.B.ii.b.α are disallowed. We claim that Theorem 6.1 implies

(6.11) $\nu \ge 1 - 2q^{-1}$

at all leaves but these two. Leaf I.A is clear. At II.A.i, we have $n = a\ell$, where $a > \ell$ and all prime factors of $a$ are larger than $\ell$. When $a \ge \ell + 2$, then



n n , 1, .„ . . 1. 
-__ = al- 7 > * + 2(l- 7 



l+l- 7 > 

u>l-[3* n >l-q 



-i 



When a = £ + 1, then £ = 2, a = 3, n = 6, and by Theorem 5.2(iii) we have 



again 



a 6 



>l-(3* = l-q-\ 
At II.A.ii, we have $n = a\ell^2$ with $a > \ell$ and

n n 



a(l-l) > £(£-!) > £, 



q 



-n/e+e+n/e 2 -i < -1 

— H i 



v>\- q~ l /2. 



At II.B.i.a, we consider the inequality

(6.12) $-\dfrac{n}{\ell} - \ell + s + 3 \le -1$,

with $s = \lfloor n/\ell^2 \rfloor \le n/\ell^2$. It holds for $\ell \ge 3$. When $\ell = 2$, it holds for $n \ge 8$, and one checks it for $n = 6$. Now $n = 4$ is case II.B and excepted here. Thus (6.12) holds in all cases at II.B.i.a, and (6.5) implies that $\nu > 1 - 3q^{-1}/2 > 1 - 2q^{-1}$. (6.11) is clear for II.B.i.b and II.B.ii.b.β. At II.B.ii.a, we have $p > \ell \ge 2$, and (6.11) follows from Table 6.1. This concludes the proof of (iv).

In (iii), the second inequality follows from $(3 - 2q^{-1}) \cdot (1 - q^{-1})/4 > 1/2$ when $q > 5$. For the first inequality, we have $1 - 2q^{-1} > (3 - 2q^{-1})/4$ when $q > 5$. Thus it remains to prove (iii) at II.B.ii.b.α. It is convenient to show (ii) and (iii) together at this leaf.



We have for p > 3 and q > 5 that 

1 - <T 3 > <T 2 (3g + 4) > q~ 2 (3p + 4) - q- 5 (p + 2) 
= q- 2 (p + 2)(l-q- 3 ) + q- 2 (2p + 2), 
q~ 2 (p + 2) 



-p+i 



> 



2p + 2 2p + 2 
and from ITable 6.11 

1 



+ 



i-3 



> VU + 



+ 



(6.13) 



1/3 
- 2 V 2 2p 



p + 1 1 — q 



-p+i 



> 



q' 



- q 

2q- x 



p + V 



4 



4 

= 3 or p 



For the remaining cases q = 3 or p = 2, we use (6.7) At the current leaf, 
we can write n = ap 2 > p 2 with all prime divisors of a greater than p, and split 
the lower bound into two summands: 



1 ,3 1 
2^2 + 2p + 2 



- q 



2 V p4 



-a+fa/p] 



+ q 



-ap 



l-q- 



q 



+ 



q- p {2 - q 



q 
so that $\nu > \nu_q - \varepsilon_{q,n}$, and $\varepsilon_{q,n}$ is monotonically decreasing in $a$.
For $q = 3$, we have $a \ge 5$,

203 

u 3 = > 0.5783, 

d 27-13 

e 3 „ < 1(3— + A . g-a,) < = I ( 3-5 + 2 + A . 3-i 5) 

= s + s' rl5< 0186 ' 

f > ^3 -e 3 ,n > 0.5598 > 1/2. 
For p = 2, we find 

5 _! , q- 2 

^n = ^(g- (a - 1)/2 + r 2a -^^). 

When $q \ge 8$ and $n \ge 28$, so that $a \ge 7$, we have

5 3-2g- x 
^ > ^ - e g ,„ > - - q > . 

For the remaining values $q \in \{2, 4\}$ or $n \in \{12, 20\}$, we note the values



u 2 = 


3 

8' 




v 4 = 


19 

32' 




Cq,12 — 


-to- 

2 W 


1 + g 


e q,20 — 


-to- 

2 W 


- 2 + g^. 1 " 9 

i + g" 



We find that v > (3-2g" 1 )/4 for g > 8 and n = 20, and for g > 16 and n = 12. 
ITable 6 .31 shows that this also holds for (q,n) = (8, 12). When g = 4, we have 
v > 1/2 for n > 20 by the above, and according to ITable 6.31 also for n = 12. 

q, n       #D_n              α_n               #D_n/α_n >
2, 4       6                 8                 0.7500
2, 8       36                64                0.5625
2, 12      236               256               0.9218
2, 16      762               1 024             0.7441
2, 20      3 264             4 096             0.7968
2, 24      14 264            16 384            0.8706
2, 28      49 920            65 536            0.7617
2, 36      821 600           1 048 576         0.7835
4, 4       132               192               0.6875
4, 12      100 848           98 304            1.0258
8, 4       2 408             3 584             0.6718
8, 12      30 382 016        29 360 128        1.0348
16, 4      41 040            61 440            0.6679
32, 4      677 536           1 015 808         0.6669
64, 4      11 011 392        16 515 072        0.6667
128, 4     177 564 288       266 338 304       0.6666
256, 4     2 852 148 480     4 278 190 080     0.6666
3, 9       414               486               0.8518
9, 9       450 792           472 392           0.9542
5, 5       7 798 100         7 812 500         0.9981

Table 6.3: Decomposable polynomials of degree n over F_q.

When q = 2, the values above only show that ν > 1/4 for n > 28. However, a different and simple approach gives a better bound for n = 4a with an odd a > 3 over $\mathbb{F}_2$. We exploit the special fact that $x^2 + x \in \mathbb{F}_2[x]$ is the only quadratic original polynomial that is not a square.

Any $g \in \mathbb{F}_2[x]$ is uniquely determined by $f = g \circ (x^2 + x)$, due to the uniqueness of the Taylor expansion. The number of original g of degree 2a and that are not a square is $2^{2a-1} - 2^{a-1}$, and by composing with a linear polynomial on the left, we have $\#D^+_{n,n/2} = 2^{2a} - 2^a = 2^{n/2} - 2^{n/4}$. Similarly, $(x^2 + x) \circ h = (x^2 + x) \circ h^*$ with $h \neq h^*$ implies that $-1 = h^* - h$, so that one of the two polynomials is not original. Thus $\gamma_{n,2}$ is also injective on the original polynomials, and $\#D^+_{n,2} = 2^{n/2} - 2^{n/4}$. Furthermore, Corollary 4.45 (ii) says that

$$t = \#(D^+_{n,2} \cap D^+_{n,n/2}) < 2^{n/4 + \lceil n/8 \rceil + 1} = 2^{3n/8 + 3/2}.$$



The number of Frobenius compositions (that is, squares) of degree n equals $\#D_n^{\varphi} = 2^{2a}$, and $\alpha_n = 2^{n/2+2}$. It follows that

$$\#D_n > \#D^+_{n,2} + \#D^+_{n,n/2} - t + \#D_n^{\varphi} > 2 \cdot 2^{n/2}(1 - 2^{-n/4}) - 2^{3n/8+3/2} + 2^{n/2} = \left(\tfrac{3}{4} - 2^{-n/8-1/2} - 2^{-n/4-1}\right)\alpha_n, \tag{6.14}$$

$$\nu > \tfrac{3}{4} - 2^{-5/2-1/2} - 2^{-5-1} = \tfrac{39}{64} > 0.6093 > 1/2$$



for n > 20. Using Table 6.3 for n = 12, we find ν > 1/2 also for q = 2, and hence for all values at leaf II.B.ii.b.α. Now it only remains to prove ν > 1/2 in (ii).

The leaf II.B.ii.b.α has just been dealt with. Since $1 - q^{-1} \geq 1/2$ for all q, the claim follows from the previous bounds at the leaves I.A, II.A.i, II.A.ii, and II.B.i.b. At II.B.i.a, we have shown $\nu > 1 - 3q^{-1}/2 > 1/2$ for q > 3; since $p \neq \ell$ and hence p > 3 at this leaf, the claim follows. Similarly, we have at II.B.ii.a

q- 2 > 1/2. 



that q > p > 3 and v > 1 — | 
Now remain the two leaves I.B and II.B.ii.b.β.



At leaf LB, we have n = p and 



<f>g + 2>p + 2, 

' +2g- p >g- 2 (l+ 1 



p+ 1 



From Example 3.45 we find

$$\nu > \frac{1}{2}\Bigl(1 + \frac{1}{p+1}\Bigr)(1 - q^{-2}) + q^{-p} > \frac{1}{2}.$$

Table 6.3 gives the exact values of ν for p = 2 and q < 256.

At the final leaf II.B.ii.b.β, we have ℓ = p and $p^3 \mid n$. The lower bound in Table 6.1 implies ν > 1/2 for q > 4. When q = 3, (6.10) yields

$$\nu > 1 - \frac{1}{3} - \frac{1}{9} = \frac{5}{9} > \frac{1}{2}.$$



For q = 2, we have from (6.9)



1 1 
v > - + — 
~ 2 24 



2-n/2-i 



_ 2-1/8-1 



When n > 32, this shows ν > 1/2. For the smaller values 8, 16, and 24 of n, the data in Table 6.3 are sufficient. □

Two features are worth noting. Firstly, our lower bounds are rather pessimistic when q = 2, yielding for n = 12 that ν > 47/384 > 0.1223 by (6.7) and ν > 3/16 = 0.1875 from the special argument, compared to ν = 59/64 > 0.9218 from our experiments. Secondly, our lower bounds are strictly increasing in n, while the experiments show a decrease in ν from n = 12 to n = 20. Both features show that more work is needed to understand the case p = ℓ and $p^2 \,\|\, n$, where the latter means that $p^2 \mid n$ and $p^3 \nmid n$.
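The experimental column of Table 6.3 can be reproduced for small parameters by direct enumeration. The following Python sketch is an added example, not code from the paper; it handles prime q only, and the closed form used for α_n is an assumption read off the table's third column, since the definition is not restated in this section.

```python
from itertools import product

def compose(g, h, p):
    """Coefficients (constant term first) of g(h(x)) over F_p, via Horner's rule."""
    res = [g[-1]]
    for c in reversed(g[:-1]):
        nxt = [0] * (len(res) + len(h) - 1)
        for i, a in enumerate(res):
            for j, b in enumerate(h):
                nxt[i + j] = (nxt[i + j] + a * b) % p
        nxt[0] = (nxt[0] + c) % p
        res = nxt
    return tuple(res)

def count_decomposable(p, n):
    """#D_n over the prime field F_p: number of distinct f = g o h of degree n
    with deg g = r >= 2 and deg h = n/r >= 2."""
    seen = set()
    for r in (d for d in range(2, n) if n % d == 0):
        s = n // r
        # Any h can be replaced by a monic h with h(0) = 0 ("original") by
        # moving a linear substitution into g, so only those h are enumerated.
        for mid in product(range(p), repeat=s - 1):
            h = (0,) + mid + (1,)
            for low in product(range(p), repeat=r):
                for lead in range(1, p):
                    seen.add(compose(low + (lead,), h, p))
    return len(seen)

def alpha(q, n):
    """alpha_n in the form matching the third column of Table 6.3 (assumption):
    q^(2l)(1 - 1/q) if n = l^2, else 2 q^(l + n/l)(1 - 1/q); 0 for prime n."""
    l = next(d for d in range(2, n + 1) if n % d == 0)  # smallest prime divisor
    if l == n:
        return 0
    base = q ** (l + n // l - 1) * (q - 1)
    return base if n == l * l else 2 * base

if __name__ == "__main__":
    for p, n in [(2, 4), (2, 8), (2, 12), (2, 16), (3, 9)]:
        d, a = count_decomposable(p, n), alpha(p, n)
        print(f"q={p} n={n}: #D_n={d} alpha_n={a} ratio={d / a:.4f}")
```

The enumeration grows quickly with n and q, so it is only practical for the first few rows of the table.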

Much effort has been spent here in arriving at precise bounds, without asymptotics or unspecified constants. We now derive some conclusions about the asymptotic behavior. There are two parameters: the field size q and the degree n. When n is prime, then $\#D_n = \alpha_n = 0$, and prime values of n are excepted in the following. We consider the asymptotics in one parameter, where the other one is fixed, and also the special situations where gcd(q, n) = 1. Furthermore, we denote as "q, n → ∞" the set of all infinite sequences of pairwise distinct (q, n). The cases $p^2 \,\|\, n$ are the only ones where Table 6.1 does not show that ν → 1.

Theorem 6.15. Let $\nu_{q,n} = \#D_n/\alpha_n$ over $\mathbb{F}_q$. We only consider composite n.
(i) For any q, we have 

limsup u q n = 1, 



lim u on — l, 

gcd(g,n)=l 



2 

3 - 2q- x 



< v q n for any n, if q > 5. 



4 

(ii) Let n be a composite integer and ℓ its smallest prime divisor. Then

limsup v q>n = 1, 



>!(l + ^i)>§ ifn = ^ 

2 



liminf u q>n <j > 1(3 + ^) > | iff || nandn^ 
- 1 otherwise, 



q—*co 



lim U qn 

q ^rv, 



gcd(q,n) = l 
(iii) For any sequence q, n → ∞, we have

1 



< lim inf v qn < lim sup z/, 



q,n— >oo 



q,n 



q,n— >oo 



lim 

q,n— >oo 
gcd(g,n)=l 



V, 



q.n 



Proof. (i) We start with an upper bound. The conclusions of the Main Theorem are too weak for our current purpose, and we have to resort to Theorem 5.2. For the special n which are a square or a cube of primes, or a product of two distinct primes, Theorem 5.2(i) says that $\nu_{q,n} \leq 1$. For the other values, we set $d = n/\ell\ell_2$, and the upper bound on the lim sup follows if we show that $c = (d - 1)(\ell_2 - \ell)$ is unbounded as n grows, since then $\beta_n = q^{-c}/(1 - q^{-1})$ tends to zero, and $\nu_{q,n} < 1 + \beta_n$. Since $\ell_2 - \ell \geq 1$, it is sufficient to show the

is a power of a prime, we may assume by 

is 



unboundedness of d. When n = 
the above that e > 4. Then £ 2 
unbounded. 

If n = £ e C+ has exactly two prime factors I < 
e + e + > 3. If e = 1, then £ 2 = £+, e+ > 2, and d - 
We now assume that e > 2. Then 

if£ 2 <£+, 
otherwise, 



2 , £ < n 1 ^ and d = £ e ~ 3 > £ e/i 



n 



1/4 



we may assume that 



> 



»(e++l)/3 



> n 



1/3 



(6.16) 



d 



if £ 2 < £+, 
otherwise. 



We first treat the case where £ 2 < £ + . If e = 2, then 

d = e+/£ > e+~ 1/2 > 6i +e + )/A > n l '\ 

If c —— 3 then 

d = f + + > ^ e ++ 3 / 2 )/ 3 > (^)l/2^+/3 = n l/3_ 

If e > 4, then d = £ e " 3 £+ + > £ e / i £ e + > n 1 ^. Next we deal with 
e = 1, we have e + > 2, and then 

> £ (e ++ l)/3 > n l /3 



> 



If 



d 
If $e_+ = 1$ we have e > 2, and then

d = t- 1 > & +2 ^ > t'H X l A = n l '\ 



In the remaining case, where e, e+ > 2, we have 

d 



In the last case, n 



< 



< 



< 



and 



d 



neo e + P e ++ 



n 
- 



■ ■ ■ has at least three distinct prime factors 
if e > 2 and £ 2 < 



-+> 



jjh otherwise. 



If e = e + = 1, then ££ + < n 2 ^ and d > n 1 ^ 3 . Otherwise, we apply the 
previous argument to n* = t e t e + = n/m and d* = d/m, where m = f++ ■ ■ ■ = 
n£~ e £ + e+ . Then d* equals the value d defined above for n* , and 



d = d*m> (n*) 1/4 m > n 1/4 . 



,V4 



for n 



In all cases, d is unbounded if n is. Thus lim sup^^ v q>n < 1, and |Theorem 5.2(v) 
12 implies that limsup n 



> 1. 



If we only consider n with gcd(q, n) = 1, then Theorem 5.2(vi) says that



2q 



-n/e+e+n/e 2 -i 



>l-q 



-n/e+e+n/e 2 



When n is the product of two prime numbers, then $\nu_{q,n}$ tends to 1 for these special n. We may now assume that n has at least three prime factors. Then $n > \ell^3$, and



n „ n 



•?d-4)+/< 



n 



2/3 



+ n 1 / 3 < 



-n 



n 

Ye 

1/2 



+ £< 



2nV3 



+ n 



1/3 



for n > 512, say. The second claim in (i) follows. The other two inequalities 
are in the Main Theorem. 



(ii) The first claim follows from Corollary 5.14(ii), since $n > \ell^2$ and hence $\nu_{q,n} < 1 + q^{-1/3}$. For the other claims, we consider two subsequences of q: q with e → ∞, and q with gcd(q, ℓ) = 1; we denote the latter as q'. For $n = \ell^2$, the lower bound follows from the entry at I.B in Table 6.1 and for $\ell^2 \,\|\, n \neq \ell^2$ from the entry at II.B.ii.b.α. In all other cases, the Main Theorem guarantees that $\nu_{\ell^e,n}$ and $\nu_{q',n}$ tend to 1; see also (6.11).



(iii) We take some infinite sequence of (q, n) for which $\nu_{q,n}$ tends to s = lim sup. If all q occurring in the sequence are bounded, then (i) implies that s < 1. Otherwise, $\nu_{q,n} < 1 + q^{-1/3}$ is sufficient. The same case distinction yields the lower bound on the limit, using the Main Theorem (vi). The lower bound on lim inf follows from (i). □



Example 6.17. Let $p^2 \,\|\, n$ and $n \neq p^2$. We study $D_n$ over $\mathbb{F}_q$, using the notation of (the proof of) Theorem 5.2. We have $\ell = p < \ell_2 < p^2$,

$$c = \frac{(n - \ell\ell_2)(\ell_2 - \ell)}{\ell\ell_2} > \frac{n - \ell(\ell+1)}{\ell(\ell+1)} > \frac{n}{2\ell^2}.$$

With

$$E_2 = \{e \in \mathbb{N} : e \mid n,\ \ell_2 < e < n/\ell_2\},$$

we have



e£E 2 



e&E 2 



1-q 



- ■ a n < 2q 



-n/2£ 2 



We let 



#D+ p + #£>+ 



n/p 



a, 



Then 



S Aq,n 1 1 



0£ n 



a,. 



-P+i 



qn/P+1{1 " ^ + 2q-^ = X q , n o,.- ^ 



a, 



+ 2q 



On the other hand, Corollary 4.45 (ii) says that 

£ <ri/p+p-n/p 2 +\n/p' A \+l _ 



-p+l 
For p > 3 we have



n n n 
pz pi 2p z 



(Kn + q- p+1 )\<2q 



q,n 



-n/2p 2 



We have presented some bounds on $\lambda_{q,n}$, but they are not sufficient to determine its value in general, not even asymptotically. However, for q = 2 we have from



(6.14) 



2«/2+iq 2~ n / 4 ) \ 2~ n / 4 

^i> n = 2 ■ 2 n / 2 + 2 = 2 ' 
$$\tfrac{3}{4} - 2^{-n/8-1/2} - 2^{-n/4-1} < \nu_{2,n} < \tfrac{3}{4} + 2^{-n/8+1} - 2^{-n/4-1}. \tag{6.18}$$







We have seen that $\nu_{q,n}$ tends to 1 unless $p^2 \,\|\, n$. Example 6.17 suggests using a correction factor γ so that $\nu_{q,n}/\gamma$ tends to 1 also in those cases.



Conjecture 6.19. For any prime p and power q of p there exist $\gamma_p, \delta_q \in$
so that

$$\lim_{e \to \infty} \nu_{p^e, p^2} = \gamma_p,$$

$$\lim_{n \to \infty,\ p^2 \| n} \nu_{q,n} = \delta_q.$$



If true, this would imply that $\#D_{p^2} \sim \gamma_p \alpha_{p^2}$ over extensions $\mathbb{F}_q$ of $\mathbb{F}_p$, and $\#D_n \sim \delta_q \alpha_n$ for growing n with $p^2 \,\|\, n$. Example 3.45 shows that the first part is true for p = 2 and $\gamma_2 = 2/3$, and (6.18) that the second part holds for q = 2 and $\delta_2 = 3/4$.



Bodin et al. (2009) state without proof that $\#D_n \sim \tfrac{3}{4}\alpha_n$ over $\mathbb{F}_2$ for even n > 6. Assuming a standard meaning of the ~ symbol, this is false unless $4 \,\|\, n$, in which case it is proven by (6.18).



Example 6.20. Theorem 6.1 (i) exhibits several situations where $\#D_n < \alpha_n$. One might wonder whether this always happens. We show that this is not the case. Table 6.5 gives an example. More generally, we take three primes $2 < \ell_1 < \ell_2 < \ell_3$, $n = \ell_1\ell_2\ell_3$, and an odd q with gcd(n, q) = 1. For i < 3, we set

$$B_i = D_{n,\ell_i} \cup D_{n,n/\ell_i},$$

$$t_i = \tfrac{1}{2}\bigl(2q^{\lfloor n/\ell_i^2 \rfloor + 3} + q^4 - q^3\bigr)(1 - q^{-1}).$$

Then

$$D_n = B_1 \cup B_2 \cup B_3,$$

$$\#B_i = 2q^{n/\ell_i + \ell_i}(1 - q^{-1}) - t_i.$$



For a permutation $\pi \in S_3$, we set

c= |J a 



7TSS3 



where $\gamma_\pi$ is the composition map for three components. Then for any $\pi \in S_3$

Now let $i \neq j$ and $f = g \circ h = g^* \circ h^* \in B_i \cap B_j$, with $\{\deg g, \deg h\} = \{\ell_i, n/\ell_i\}$ and $\{\deg g^*, \deg h^*\} = \{\ell_j, n/\ell_j\}$. To simplify notation, suppose that i = 1 and j = 2. We refine both decompositions into complete ones. Then for $g \circ h$, the set of degrees is either $\{\ell_1, \ell_2\ell_3\}$ or $\{\ell_1, \ell_2, \ell_3\}$, and for $g^* \circ h^*$ it is either $\{\ell_2, \ell_1\ell_3\}$ or $\{\ell_1, \ell_2, \ell_3\}$. This set of degrees is unique, so that it equals $\{\ell_1, \ell_2, \ell_3\}$. It follows that $f \in C$ and $B_i \cap B_j \subseteq C$. Thus



l<i<3 

> (1 _ ^ (2g n/ * +<i - i(2g^ +3 + q 4 )) - 6g £l 

1<*<3 V 2 / 

= (1 - q- 1 ) (2 ( l nlll+h ~ E ^' +3 - \^ ~ 6 <? 
\ l<i<3 1<«<3 



(6.21) 

Now suppose further that 



4<2 + (4-i)(4-i), 5<£ 2 <^, g>7 
Then



4 + 4 + 4 - i < 4 + 4 + 1 + (4 - i)(4 - i) 

= 44 + 2, 

44 < io(4 -i)< 44(4 -i), 

kk 



+ 4 < 44 < 44 + 



eie 2 /£ 3 +3 



< q 



< 2g 



^3 

?i4 



< 



-1*3, 



< 44, 

«2 

_|_ gtih/h+3 < _|_ g3-£2)g«3+-fe < ^i^s+fe 



Finally, (6.21) implies that 



> 



a, 



M 3 +4j i o„44+4 



1 — g 1 l — ?" 



+ + 2 g 



l<j<3 



V gL n/£ ?J+ 3 - -g 4 - eg' 1 " 1 "^ 3 " 1 
2 



> 



1 - g- 1 

As a small example, we take $\ell_1 = 3$, $\ell_2 = 5$, $\ell_3 = 7$, q = 11, so that n = 105 and $\alpha_{105} = 2q^{38}(1 - q^{-1})$. The lower bound in (6.21) evaluates to

$$\#D_{105} > \alpha_{105} + (1 - q^{-1})\bigl(2(q^{26} + q^{22}) - (q^{14} + q^7 + q^5 + \tfrac{3}{2}q^4 + 6q^{15})\bigr)$$



> a 105 + 2g ib (l - g 



The general bounds of Theorem 5.2(i) and Corollary 4.30(i) specialize to

$$\#D_{105} < \alpha_{105}\Bigl(1 + \frac{q^{-12}}{1 - q^{-1}}\Bigr) = \alpha_{105} + 2q^{26}.$$



The closeness of these two estimates indicates a certain precision in our bounds. 
Remark 6.22. We claim that if $p \nmid n$, then

$$\#D_n > \alpha_n(1 - q^{-1}).$$

By Corollary 5.14(iii), this is satisfied if $n > 3\ell^2$. So we now assume that $n < 3\ell^2$. Then $n/\ell < 3\ell$, and all prime factors of $n/\ell$ are at least ℓ. It follows that either n = 8 or $n/\ell = \ell_2$ is prime. If $\ell_2 = \ell$, then $\#D_n = \alpha_n$, by Theorem 5.2(v). Otherwise we have $s = \lfloor n/\ell^2 \rfloor = \lfloor \ell_2/\ell \rfloor \leq \lfloor (3\ell - 1)/\ell \rfloor \leq 2$ and from Theorem 5.2(iii) that

$$\#D_n > \alpha_n(1 - \beta^*) > \alpha_n(1 - q^{-\ell-\ell_2+5}).$$

It is now sufficient to show

$$\ell + \ell_2 > 6.$$

This holds unless $n \in \{4, 6, 9\}$, so that only n = 6 needs to be further considered. We have $\beta^*_6 = q^{-2-3}(q^{1+3} + q^4 - q^3)/2 < q^{-1}$, and the claim follows from Theorem 5.2(iii).



Open Question 6.23.

o Some polynomials have more than a polynomial number of decompositions. Can we find them in time polynomial in the output size? Or even a "description" of them in time polynomial in the input size? If not: prove (by a reduction) that this is hard?

o In the case where p = ℓ and $p^2 \,\|\, n$, can one tighten the gap between upper and lower bounds in the Main Theorem (ii), maybe to within a factor $1 + O(q^{-1})$?

o Can one simplify the arguments and reduce the number of cases, yet obtain results of a quality as in the Main Theorem? The bounds in Theorem 3.31 are based on "low level" coefficient comparisons. Can these results be proved (or improved) by "higher level" methods?